Jan 02 2020 04:16 AM
Hi Everyone,
Happy New Year!
Since joining a new organization, me and one of my colleagues build/maintain the azure environment we have. When I first joined I was only given Global Reader Access.
I now have the same access control as him (Owner, Contributor, User Access Admin), same AAD Roles such as Global Admin and others whilst he just has Global Admin.
The problem I have is that I cannot manage our tenants/hostpools via powershell like he can.
Running Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
I sometimes get errors or it will connect.
I just connected and attempted to run Get-RdsTenant for one of our tenants and got the following :
Get-RdsTenant : User is not authorized to query the management service.
Even running the same command for a tenant I created I get the same error.
We have both have MFA enabled but he has no issues whatsoever.
Can anyone share any suggestions/fixes?
Jan 14 2020 01:23 PM
Hi @AT1991,
Your doing it with the Azure CLI or Powershell?
Maybe this is a Problem with the Account Cache in the Powershell.
I saw this somewhen in the past.
Maybe reinstallation of the Modules or Azure CLI may help, and also a new AZ Login and Token Refresh. Maybe also try if the Issue is the same in your colleagues Cliwent, or if all works fine with that one.
Sounds more like a Client Issue instead of a Azure Permission Issue.
Kind Regards, Peter
Jan 15 2020 05:28 AM