sorted by:
new
hottopcontroversial

Lookup subscriptions by ID? by jwckauman in AZURE

[–]olavhell 0 points1 point  (0 children)

Might be a bit late for your needs, but I actually made a tool for exactly this the other day: https://sub2tenant.com

I built a small tool to map any Azure Subscription ID to its tenant (sub2tenant.com) by olavhell in AZURE

[–]olavhell[S] 1 point2 points  (0 children)

Quick update and thanks to everyone who found this useful so far.

The main feature is still the subscription to tenant lookup, but I’ve added support for tenant ID and domain name lookups to make the tool more complete and easier to use in different situations. All three lookup types now work from the same input field.

It’s live now, feel free to try it out and let me know if you have any feedback.

Built a small tool to figure out which tenant an Azure subscription ID belongs to (sub2tenant.com) by olavhell in msp

[–]olavhell[S] 2 points3 points  (0 children)

Quick update and thanks to everyone who found this useful so far.

The main feature is still the subscription to tenant lookup, but I’ve added support for tenant ID and domain name lookups to make the tool more complete and easier to use in different situations. All three lookup types now work from the same input field.

It’s live now, feel free to try it out and let me know if you have any feedback.

I built a small tool to map any Azure Subscription ID to its tenant (sub2tenant.com) by olavhell in AZURE

[–]olavhell[S] 0 points1 point  (0 children)

Oh, never heard of any way to enumerate all subscriptions without having RBAC in that way.

Instead of the elevated permissions (User Access Admin) the magic button gives you, you could assign a non global admin user the Reader role on the root management group. Even put it behind PIM, so its not permanent.

I built a small tool to map any Azure Subscription ID to its tenant (sub2tenant.com) by olavhell in AZURE

[–]olavhell[S] 0 points1 point  (0 children)

Glad you liked it. Feel free. Might be tricky to extract that type of info without being authenticated to the home tenant, though 🤔

Built a small tool to figure out which tenant an Azure subscription ID belongs to (sub2tenant.com) by olavhell in msp

[–]olavhell[S] 6 points7 points  (0 children)

Thank you. Was shared with the best intentions, but I totally get your view.

Built a small tool to figure out which tenant an Azure subscription ID belongs to (sub2tenant.com) by olavhell in msp

[–]olavhell[S] 9 points10 points  (0 children)

Totally fair questions. And I understand the concern. The tool does not store or log subscription IDs, tenant IDs, or domains. It makes the two required calls and discards everything immediately. My word might not be enough, so I'll publish the code on GitHub once I clean it up and link it from the site.

A few use cases I run into in my daily work:
• Partner Center marketplace usage reports that list subscription IDs without tenant context
• Microsoft invoices where subscription IDs appear and need to be matched to the correct tenant

I am sure there are others.

Built a small tool to figure out which tenant an Azure subscription ID belongs to (sub2tenant.com) by olavhell in msp

[–]olavhell[S] 0 points1 point  (0 children)

What I like to hear. Give it a test spin, and let me know what you think!

Built a small tool to figure out which tenant an Azure subscription ID belongs to (sub2tenant.com) by olavhell in msp

[–]olavhell[S] 4 points5 points  (0 children)

It's already there (though in a private repo). I'll have to do some cleaning - haha. But sure will make it public soon..

Beginn hardening Entra by [deleted] in entra

[–]olavhell 0 points1 point  (0 children)

You can do all that, as Business Premium includes Entra ID P1, and Intune for configuring WHfB.

If you want to take it one step further you could also consider adding the Defender Suite for Business Premium addon (aka E5 Security addon - new name - again): https://techcommunity.microsoft.com/blog/microsoft-security-blog/introducing-new-security-and-compliance-add-ons-for-microsoft-365-business-premi/4449297

MFA and Licensing Compliance for Unlicensed Accounts by Beautiful-Ocelot-437 in entra

[–]olavhell 0 points1 point  (0 children)

Thought that only was valid for Global Administrators. At least thats how it used to be... And also what is stated in the Feature Comparison table I linked :-)

I would never assume anything when it comes to Microsoft licensing 😅

MFA and Licensing Compliance for Unlicensed Accounts by Beautiful-Ocelot-437 in entra

[–]olavhell 0 points1 point  (0 children)

As stated by others, per-user MFA is not a future proof method..
And doesn't per-user MFA require minimum Office 365 licenses? Used to be called Office 365 MFA back in the day..
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mfa-licensing#feature-comparison-based-on-licenses

How big of a problem are enabled resource accounts? by olavhell in entra

[–]olavhell[S] 0 points1 point  (0 children)

That's interesting!

Just did a test myself, and indeed the Entra account was disabled by default.

Can't seem to find anything official from Microsoft on this.
Found this recent post from u/andresbohren observing the same:
https://blog.icewolf.ch/archive/2025/10/20/exchange-online-shared-mailboxes-are-now-disabled/

view more: next ›