User Profile
NKUGAN
Brass Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Azure New 16 Built In Roles Available In Preview
Microsoft announces in Azure AD new 16 new built-in roles are included also highly requested Global Reader role is now in public preview. Most of the daily tasks are run by the global administrator and another system administrator cannot do any tasks these new roles can help to reduce the global administrator tasks. These roles are available globally for all subscriptions Global reader is the read-only counterpart to Global administrator. Assign Global reader instead of Global administrator for planning, audits, or investigations. Use Global reader in combination with other limited admin roles like Exchange Administrator to make it easier to get work done without the assigning the Global Administrator role. The global reader works with Microsoft 365 admin center, Exchange admin center, Teams admin center, Security center, Compliance center, Azure AD admin center, and Device Management admin center. Global reader role has a few limitations right now – SharePoint admin center – SharePoint admin center does not support the Global reader role. You won’t see ‘SharePoint’ in left pane under Admin Centers inMicrosoft 365 admin center. OneDrive admin center– OneDrive admin center does not support the Global reader role. Azure AD portal– Global reader can’t read the provisioning mode of an enterprise app. M365 admin center– Global reader can’t read customer lockbox requests. You won’t find theCustomer lockbox requeststab underSupportin the left pane of M365 Admin Center. M365 Security center– Global reader can’t read sensitivity and retention labels. You won’t findSensitivity labels,Retention labels, andLabel analyticstabs in the left pane of the M365 Security center. Teams admin center– Global reader cannot readTeams lifecycle,Analytics & reports,IP phone device managementandApp catalog. Privileged Access Management (PAM)doesn’t support the Global reader role. Azure Information Protection– Global reader is supported forcentral reportingonly, and when your tenant isn’t on theunified labeling platform. These features are currently in development. Role name Description Authentication administrator View, set, and reset authentication method information and passwords for any non-admin user. Azure DevOps administrator Manage Azure DevOps organization policy and settings. B2C user flow administrator Create and manage all aspects of user flows. B2C user flow attribute administrator Create and manage the attribute schema available to all user flows. B2C IEF Keyset administrator Manage secrets for federation and encryption in the Identity Experience Framework. B2C IEF Policy administrator Create and manage trust framework policies in the Identity Experience Framework. Compliance data administrator Create and manage compliance data and alerts. External Identity Provider administrator Configure identity providers for use in direct federation. Global reader View everything a Global administrator can view without the ability to edit or change. Kaizala administrator Manage settings for Microsoft Kaizala. Message center privacy reader Read Message center posts, data privacy messages, groups, domains and subscriptions. Password administrator Reset passwords for non-administrators and Password administrators. Privileged authentication administrator View, set, and reset authentication method information for any user (admin or non-admin). Security operator Creates and manages security events. Search administrator Create and manage all aspects of Microsoft Search settings. Search editor Create and manage editorial content such as bookmarks, Q & As, locations, floorplan.Azure Storage Account Larger File Shares
Microsoft Announce General Available Larger file shares available in the storage account. Azure Files is secure, fully managed public cloud file storage with a full range of data redundancy options and hybrid capabilities using Azure File Sync. All premium file shares are available with 100 TiB capacity. VisitAzure Files scale limitsdocumentation to get more details. What’s new? Large file shares now has: Ability to upgrade existing general purpose storage accounts and existing file shares. Ability to opt in for larger files shares at a storage account instead of subscription level. Expanded regional coverage. Support for both locally redundant and zonal redundant storages. Improvements in the performance and scale of sync to work better with larger file shares. Visit Azure File Syncscalabilitytargets to keep informed of the latest scale. New storage account Create a new general-purpose storage account in one of thesupported regionson a supported redundancy option. While creating storage account, go toAdvancedtab and enableLarge file sharesfeature. See detailed steps on how toenable large file shares supporton a new storage account. All new shares created under this new account will, by default, have 100 TiB capacity with increased scale. Existing storage account On an existing general-purpose storage account that resides on one of thesupported regions, go toConfiguration, enableLarge file sharesfeature, and hitSave. You can now update quota for existing shares under this upgraded account to more than 5 TiB. All new shares created under this upgraded account will, by default, have 100 TiB capacity with increased scale.Publish The Static Website Using Azure Storage
Microsoft introduced Static website hosting is a feature from storage account enabled on theStatic website. To enable static website hosting, select the name of your default file, and then optionally provide a path to a custom 404 page. If a blob storage container named$webdoesn’t already exist in the account, one is created for you. Add the files of your site to this container. Creating a newAzure Storage Accountand provide a name and under theAccount -Kindmake sure that you selectGeneral PurposeStorageV2. After it creates the resource then go toSettingsand selectStatic website. SelectEnabledfor Static Website. Under theIndex Document Nametypeindex.htmland underError document pathtype404.html. Click Save, you’ll see there is a$webfolder that you can click on to upload your files. I simply dropped a singleindex.htmlfile with some text to test. You’ll also want to jot down thePrimary endpointlocation as you’ll test your site with that URL. Upload HTML files$webfolder. Once you’ve uploaded your file to$webthen go to your browser and paste in the URL provided in the previous step.Azure Private Endpoint (Azure Private Link)
Azure Private Endpoint (Azure Private LInk) –Preview Availabilityis a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet. The service could be an Azure service such as Azure Storage, SQL, etc. Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure-hosted customer/partner services over a Private Endpoint in your virtual network. Traffic between your virtual network and the service traverses over the Microsoft backbone network, eliminating exposure from the public Internet. You can also create your own Private Link Service in your virtual network (VNet) and deliver it privately to your customers. The setup and consumption experience using Azure Private Link is consistent across Azure PaaS, customer-owned, and shared partner services. Access to a private link resource using an approval workflow You can connect to a private link resource using the following connection approval methods: Automaticallyapproved when you own or have permission on the specific private link resource. The permission required is based on the private link resource type in the following format: Microsoft.<Provider>/<resource_type>/privateEndpointConnectionApproval/action Manualrequest when you don’t have the permission required and would like to request access. An approval workflow will be initiated. The private endpoint and subsequent private endpoint connection will be created in a “Pending” state. The private link resource owner is responsible to approve the connection. After it’s approved, the private endpoint is enabled to send traffic normally, as shown in the following approval workflow diagram. Configure the Steps This Example I am selecting an existing storage account creating a private endpoint – Enter theNameandRegion. Click –Next The Resource Selection – Connection method – can open all Azure Resources in my Directory or Selected Resource ID only. Then Resource Type Currently Only Available (Storage/Network/SQL). Resource Select from the list and Target source. ClickNext Configuration Tab – Select VNET and Subnet also you can Create Private DNS integration or No ClickNext Add TAGS. Validate Passed ClickCreate.Windows Virtual Desktop add user in to another app group error
Adding user into App Group below error pop up. This user inside Desktop Application Group i need to add this user to MS Office Group. but Below Error Popup. I tried Powershell also. is Anyone has any idea. Error Failed To Add User Unable to grant RDP access rights for User '≤testvdi3@nkcode.xyz≥' to Application Group '≤Microsoft Office 365≥' because the user already has rights to an Application Group(s) of a different type in the same Session Host Pool: '≤Desktop Application Group≥'
