Sep 17 2019 02:29 AM
Hello
As a Cloud Service Provider, I can access all my customers services with my CSP user technical account (who is Global Admin via guest integration in AD, by default)
However, the one and only service I can't join is the Cloud App Security with the following error:
It seems like you can't access Microsoft Cloud App Security right now.
If you're a new user or were recently assigned credentials, please wait 15 minutes and try again.
I have to create a Global Admin account in the customer AD to connect, and it's NOT the way it should be.
Is there is a workaround this error?
Regards
Sep 17 2019 03:54 AM
SolutionSep 18 2019 12:47 AM
@Timil75I had a chat with Microsoft about this, as there are things you cannot reach this way. This includes things in the security and compliance consoles and mcas. The feedback I received was that this will not change, and that it was by design. My customer had to create users in the individual tenants to get around this, and that is not a great solution as you say.
Sep 22 2019 07:24 AM
@Timil75 You can invite the external admin directly to MCAS though the "manage admins" settings.
https://docs.microsoft.com/en-us/cloud-app-security/manage-admins#invite-external-admins
Sep 24 2019 12:40 AM
That is interesting @Dima Donhin That can solve part of our problem, but not the part with the other unreachable portals like security and compliance portal.
Feb 04 2020 08:05 AM
Hello,
When you want to access to Microsoft 365 portals with guest user credential, you will ask you the password, for example if you the mail address of your guest user is guest@contoso.com the credential to use is guest_contoso.com#ext#@organizationname.onmicorosoft.com where ogranizationname is the name of the organization that invites you. So this password must be configured by an office 365 administrator, if you try to define this password directly from the Azure AD portal we will get an error message.
So to configure this password follow these steps :
Open a session as gloabl admin in admin.microsoft.com
Go to Active Users and select the guest user.
Define a password and confirm.
After you can give your guest user the role that you want from Azure AD Portal.
for me that work very fine.
Best Regards,
Adil WAAZIZ
Sep 17 2019 03:54 AM
Solution