User Profile
oscarmh
MCT
Joined Jan 10, 2021
Recent Discussions
Re: Azure Hybrid Join Server 2022
Hi there, it is possible to RDP to a hybrid joined server (Server 2022) using Azure Credentials. To do this, you need to add the custom RDP property "targetisaadjoined:i:1" to the host pool. This property allows connections to Azure AD-joined session hosts using username and password credentials.

However, to access the session host, your local PC must meet one of the following conditions:

1. The local PC is Azure AD-joined to the same Azure AD tenant as the session host
2. The local PC is hybrid Azure AD-joined to the same Azure AD tenant as the session host
3. The local PC is running Windows 11 or Windows 10, version 2004 or later, and is Azure AD registered to the same Azure AD tenant as the session host

If your local PC doesn't meet one of these conditions, you can still connect to the session host by entering your username and password credentials.

Regarding the security event log events 5058, 5061, 5059, and 4625, these events indicate that the authentication process failed. The details of event 4625 do not contain the name of your Azure AD user and the security ID is NULL SID.

To troubleshoot this issue, you can check the following:

1. Ensure that your local PC meets one of the conditions mentioned above
2. Ensure that your Azure AD user account has the necessary permissions to access the session host
3. Check the event logs on the session host for any errors or warnings related to authentication
4. Check the Azure AD Connect logs for any errors or warnings related to synchronization

If you are still unable to resolve the issue, you can contact Microsoft support for further assistance.

KR, Oscar

5.4K Views, 1 like, 1 Comment

Re: RBAC Automation Job Operator, but for specific runbooks
Hi there, there is no built-in way to restrict an RBAC role for a user to a specific runbook within an automation account. However, you can create a custom role with the necessary permissions to restrict the user's access to a specific runbook within an automation account. You can use Azure PowerShell to create a custom role and assign it to the user.

https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/automation/automation-role-based-access-control.md
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/role-based-access-control/built-in-roles.md

KR, Oscar

641 Views, 0 likes, 0 Comments

Re: How to authenticate PowerShell cmdlets in Runbooks with managed identities?
You can authenticate PowerShell cmdlets without AzureRunAs connections in Runbooks by using managed identities in Azure Automation. You can create a PowerShell runbook in Azure Automation that uses a managed identity, rather than the Run As account to interact with resources. You can assign permissions to the managed identities to allow them to stop and start a virtual machine.

You can also create credential assets and use them in a runbook or DSC configuration. The cmdlets in the following table create and manage Automation credentials with PowerShell: Get-AzAutomationCredential, New-AzAutomationCredential, Remove-AzAutomationCredential, and Set-AzAutomationCredential. The Get-AutomationPSCredential cmdlet gets a PSCredential object that you can use with a cmdlet that requires a credential.

Have a look here:

https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/automation/learn/powershell-runbook-managed-identity.md
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/automation/shared-resources/credentials.md

Let me know how it goes!!

2.1K Views, 0 likes, 0 Comments

Re: Azure AD - Guest users & My Apps
To make applications available to users in the My Apps portal, you need to set the application to be visible in its properties and assign the application to the user or group. You can search for an application by entering its name in the search box at the top of the My Apps portal. It can take several minutes for an application to appear in the My Apps portal after it has been added to the tenant in the Azure portal.

To achieve the same for Dynamics 365 CE Model Driven App, you need to set the application to be visible in its properties and assign the application to the user or group.

To direct guest users to My Apps, you can send them a direct link to the app you want to share. After the guest user has been added to the directory in Azure AD, an application owner can send the guest user a direct link to the app they want to share. The link URL also remains constant if the single sign-on configuration for the application changes.

Let me know how it goes!

3.5K Views, 0 likes, 3 Comments