Forum Discussion
MicrosoftDeallocate VM on user logoff
Could you please try to update the custom role used for Start VM on Connect and add Microsoft.Compute/virtualMachines/instanceView/read to it? This should ensure that sessions are removed in the service upon deallocation of the virtual machine.
We've already updated our docs for Start VM on Connect, but could be easily missed by customers already using this feature.
BerndLoehlein
very good solution. Thank you.
I try to implement the script fro create managedid and AzRoleAssgniment in a azure function.
Which Azure Role permission i need for:
New-AzRoleAssignment -ObjectId $managedIdentity -RoleDefinitionName $roleDefinitionName -Scope $vm.Id
Because i become the following error:
New-AzRoleAssignmentParameterSetName : EmptyParameterSetContent-Type : application/json; charset=utf-8Content-Length : 116Response :StatusCode : ForbiddenReasonPhrase : ForbiddenContent : {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}
- BerndLoehlein
Assignments of roles requires the Microsoft.Authorization/roleAssignments/write permissions which are only included in the pre-defined roles of "User Access Administrator" or "Owner".
- BerndLoehleinI've updated the script in above post to check if the user has initiated a reboot or another user is still active on the same machine. Deallocation won't be initiated in those cases.
