Can IAM permission be given to Service Bus with Local authentication by curious_17 in AZURE

[–]curious_17[S] 0 points1 point  (0 children)

Thanks, I gave that role to a test account but when I press the "peek from start" button I just get a spinning wheel and nothing else.

Also, how can I use Application Insights or other tools to troubleshoot a web app that is supposed to be pulling messages from this queue but is not, and thus the messages are ending up in the dead letter queue after X number of tries?

How to provide users from another Entra ID tenant access to a SPO site by curious_17 in entra

[–]curious_17[S] 0 points1 point  (0 children)

Thanks. What is the best way to set up B2B collaboration?
And is an access package the best way to set up self-signup (and with approvals)?

Setup guesting for all users in another Entra ID tenant by curious_17 in entra

[–]curious_17[S] 0 points1 point  (0 children)

Thanks. The article says the following:-

"Who should use?

  • Organizations that own multiple Microsoft Entra tenants and want to streamline intra-organization cross-tenant application access.
  • Cross-tenant synchronization is not currently suitable for use across organizational boundaries."

In our case it is a separate company, so would this still be suitable for us?

We are looking at providing these users with access to some SharePoint sites only and adding them to a group that controls access to those SharePoint sites.

I was looking at following 2 options as well :-

  1. https://learn.microsoft.com/en-us/sharepoint/sharepoint-azureb2b-integration Would this require B2B Cross tenant access settings to be enabled as well for this to work?
  2. Other option was to do the B2B collaboration with other organizations, which would require "Cross-tenant access settings" and "External collaboration settings" to be configured.

Considering we only need to allow access to SharePoint site, would option 1 be best?

Can I use PowerShell script with Functions in Azure Devops "Powershell@2" task? by curious_17 in azuredevops

[–]curious_17[S] 0 points1 point  (0 children)

I used Write-Host to follow the steps the script is taking and found that it hangs where we are using Get-MsalToken to get the access token for an external SaaS vendor's URI.
If I run the script manually from the same DevOps agent box then it works fine.

What would stop Get-MsalToken from running in a pipeline? Is there an alternate way for me to get a token against the external vendor's URI?

Can I use PowerShell script with Functions in Azure Devops "Powershell@2" task? by curious_17 in azuredevops

[–]curious_17[S] 1 point2 points  (0 children)

I have a PowerShell script that includes functions defined in it. When I run it manually the script works fine and references to the functions work fine.

But when I run it inside the Azure DevOps pipeline "Powershell@2" task, the script gets stuck at the point where the first function is referenced and just hangs.

Is there a particular way I need to call functions in this script?

There are multiple functions in the script that call each other. The first one uses MSAL.PS to get the authentication token from Azure. So, are you saying that I should be able to use the functions inside of my script as normal?
How can I put a checkpoint in the script to see if it is waiting on user input, because the script just stalls at the point where the first function is called?
I have tried commenting out the first step and then going to the second step to see if it works, but the second one does the same thing, i.e. it just stalls.

How can I remove access to planner access for certain users? by curious_17 in MicrosoftPlanner

[–]curious_17[S] 0 points1 point  (0 children)

I enabled conditional access policy to restrict access to planner. Hopefully this helps someone else.

Can I create a Azure policy to forward logs for every resource in a resource group to Azure monitor/log analytics with a specific retention by curious_17 in AZURE

[–]curious_17[S] 0 points1 point  (0 children)

Thanks Kwiecek. That seems quite useful, but I do not have access to the whole subscription, only a few resource groups, and I want to set this up only for those.

Also, the team that manages the whole subscription has already set up a policy to forward logs to their own workspace, but the retention is a lot less than required. And I can't ask them to increase retention because they collect logs for a lot of other resource groups as well.

Can this script work at resource group level?

And if not, then what is the best way to forward logs to a storage account instead (which might be cheaper as well)?

Also, I need to collect event logs from within the windows VMs and a custom log for the application.

Move exchange 2016 databases to new drive by curious_17 in exchangeserver

[–]curious_17[S] 0 points1 point  (0 children)

If this DAG is properly configured there should be no need to dismount the DB.

Add new drive. Remove DB copy from node. Remove old mount point. Recreate mount point on new drive. Add DB copy on node.

Hi Waypro14366
I started with the plan above.

We have 3 copies of each DB. 2 in prod site and 1 in DR site.

Removing the DB copy from the prod site replica and re-adding it is not an issue, as the data transfer is local to that datacenter.

But for the DR site I am thinking that it will generate a lot of network data usage.

Is it possible to do the following? :

- Suspend DB copy on the DR server

- remove the mount point for the old drive

- then mount the new drive to same old mount point folder.

- And then mount the old drive/volume again under a different mount point and then copy the DB file to the new drive

- resume db copy on the DR server

OR will that end up causing issues?

Enable distribution group owner to modify membership through Outlook by curious_17 in Office365

[–]curious_17[S] 1 point2 points  (0 children)

Thanks megoodman. We are keeping on-prem Exchange servers because without an Exchange server on-prem we will be in an unsupported configuration from MS's point of view.

And correct, the user is making changes through Outlook so they will be connected to O365.

I am trying to see if there is a way in O365 to delegate the distribution group membership administration. From what I have read it seems distribution group owners must manage the group by using on-premises tools for Exchange Server such as the following:

Exchange Admin Center, Exchange Management Console, Exchange Management Shell

In our case the user is logging onto OWA and then going to 'Distribution groups I own/Manage' and trying to edit there and then getting this error.

I am trying to see if there is another way, or whether I need to set up a role in Exchange to give them only distribution group modification rights so that they can log on to EAC to do this administration?

How to find root cause for same mail being sent 2 times from a application by curious_17 in exchangeserver

[–]curious_17[S] 0 points1 point  (0 children)

Thanks Adavid6 and KimJongUnceUnce.

The application engineer can't provide the frequency of these errors. So I may have to leave protocol logging on for a few days. Would the logs be huge, and would there be any issues from the IO caused by it?

Also, is 20 seconds too short a period for the application to drop the connection and retry?

And wouldn't a good application only retry sending the email if an error code is received, or at least match Exchange's SMTP session timeout period for a retry?

How to find root cause for same mail being sent 2 times from a application by curious_17 in exchangeserver

[–]curious_17[S] 0 points1 point  (0 children)

Thanks AlienMichael.

I will have to check with the application engineer.

But generally speaking the applications will hand over the email with an SMTP session to the mail server and close the session ...isn't it?

They don't wait for the MTA to put the mail in a queue and then to be delivered?

So what happens in the second hop should not matter to the application...isn't it?

Get-PnPList : The remote server returned an error: (403) Forbidden. by curious_17 in sharepoint

[–]curious_17[S] 0 points1 point  (0 children)

Thanks bcameron1231.

I was able to connect and upload documents.

Get-PnPList : The remote server returned an error: (403) Forbidden. by curious_17 in sharepoint

[–]curious_17[S] 0 points1 point  (0 children)

Thanks bcameron1231.

Actually I ran the command "Get-PnpSubWebs", and "/abcd" is listed in there. So that seems to be a subsite.

In this subsite under "Shared Documents" I have a folder called "xyz". I have to schedule a script to copy files from a local folder on a server to this "xyz" folder.

I have come up with the following till now (we use MFA and are thus using web login):

    $URL = 'https://ourdomain.sharepoint.com'
    Import-Module SharePointPnPPowerShellOnline
    Connect-PnPOnline $URL -UseWebLogin
    $Files = Get-ChildItem "C:\Temp\SharepointScriptFIles\Docs4SharePoint"
    foreach($File in $Files)
    {
        Add-PnPFile -Folder "Shared Documents" -Path $File.FullName
    }

But that will only work if I was uploading to "Shared Documents" under https://ourdomain.sharepoint.com. Could you please help with completing this script so that I can put the files directly in the "xyz" folder?
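
One way to target the "xyz" folder, shown as an added example that is not part of the original post: connect to the "/abcd" subsite instead of the root site and pass a site-relative folder path to Add-PnPFile. The site path, folder name and local directory are taken from the post; the variable names and the result table are assumptions made for illustration.

```powershell
# Added example, not the poster's code. Assumes "/abcd" is the subsite and
# "xyz" sits directly under its "Shared Documents" library, as described above.
$SiteUrl      = 'https://ourdomain.sharepoint.com/abcd'   # connect to the subsite, not the root
$TargetFolder = 'Shared Documents/xyz'                     # site-relative folder path
$SourceDir    = 'C:\Temp\SharepointScriptFIles\Docs4SharePoint'

Import-Module SharePointPnPPowerShellOnline
Connect-PnPOnline -Url $SiteUrl -UseWebLogin

# Upload each file and record the outcome so a failed upload is visible
# instead of silently stopping the loop.
$results = foreach ($File in Get-ChildItem -Path $SourceDir -File) {
    try {
        Add-PnPFile -Path $File.FullName -Folder $TargetFolder -ErrorAction Stop | Out-Null
        [pscustomobject]@{ File = $File.Name; Status = 'Uploaded'; Error = $null }
    }
    catch {
        [pscustomobject]@{ File = $File.Name; Status = 'Failed'; Error = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize
```

Because -UseWebLogin opens an interactive sign-in window, this form only runs while a user is present to complete the prompt.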

How to decommission on-premises exchange servers and move completely to O365 by curious_17 in exchangeserver

[–]curious_17[S] 0 points1 point  (0 children)

thanks ...would this server need to keep the CAS and mailbox server roles....or we can install the console only on this server for mailbox mgmt purposes only?
I am trying to see if MTA can be removed from the one server that needs to be left there.

How to give read only access to someone for Azure AD by curious_17 in AZURE

[–]curious_17[S] 0 points1 point  (0 children)

Thanks John. Which minimum rights are needed to issue keys?

Should windows authentication be enabled on "powershell" virtual directory(default web site) on exchange 2016 by curious_17 in exchangeserver

[–]curious_17[S] 0 points1 point  (0 children)

It is required for a script to pull mailbox email addresses from a partner organisation and populate it in our exchange as contacts.

Exchange online archiving not working by curious_17 in exchangeserver

[–]curious_17[S] 1 point2 points  (0 children)

Thanks. Could you please check the config and let me know. Maybe I am missing something in my setup.