As security best practice our Client has restricted developer roles to Contributor on their Azure Portal resource group. All is fine but this seriously restricts using any kind of azure integration (deployments, server explorer, cloud explorer etc) from Visual Studio if we use the Contributor role to sign in to azure from Visual Studio. We are working on typical MSBI services like data lake analytics (usql), azure Analysis services, dw. And we cannot use any of the visual studio azure connectivity features.
I found a solution, to use a management cert. But MS site warns against using this as it will allow access to all azure resources defeating the purpose of contributor restrictions.
Could I please request for any guidance?
You can use RBAC'd accounts with VS, only the "legacy" features will not recognize them - e.g. Cloud Service Publish, Server Explorer (for this use Cloud Explorer instead).
Anything recent (AzureRM Tools, Cloud Explorer, Web Tools, Connected Svcs, Team Explorer) will work with RBAC
What features are you having trouble with?
Related
I have a Visual Studio subscription.
I'm trying to implement Application Insights in a Web API application in Visual Studio.
The wizard is trying to associate AI with my Visual Studio subscription. Rather, I want to integrate with my company's Azure subscription.
So, how is this done? Do I have to contact the Azure admin and add me to Azure? I have seen responses like "add you as a co-administrator". This is pretty dumb, when you're a developer.
Our company Azure subscription has Active Directory integration. So what. How do I register with the company Azure subscription that I want to implement services as a developer in the company??
Can someone provide some insight or references? The documentation is ponderous on this point.
If I understand your question correctly, you need to obtain an Instrumentation Key from a resource that is created in your company's Azure portal. Then, you can install application insights in your project and use that instrumentation key.
If, on the other hand you are asking why you have to be a co-administrator then you are correct. This was the case for a while but not anymore.
Account admin can now assign new users to specific resource groups. Each resource group can contain one or multiple resources. Read more: https://learn.microsoft.com/en-us/azure/active-directory/role-based-access-control-configure
I am following a series of instructions to deploy a mobile backend using Azure Mobile Services.
As part of that workflow I get to download a personalized backend app which downloads as Visual studio solution.
It builds fine and the next step is to publish it to Azure.
Instead of seeing the choice below (Microsoft Azure App Service) I am seeing 2 different choices
Microsoft Azure Web Apps, or
Microsoft Azure API Apps (Preview).
So, I chose the closest option (Web Apps) provided and it logs me into Azure and in a box which reports existing web apps I see none.
Yet I've deployed a mobile app in the Azure portal earlier.
In some of what I've been reading online it mentions a Publisher profile. I am just a bit stumped by not getting the "Microsoft Azure App Service" choice when I go to publish my backend to the cloud.
Here is the tutorial/guide which I am following (January 2016).
Perhaps the VS/Azure integration has changed since then or maybe I've more configuration steps missing.
Azure .NET mobile backend using Azure Mobile Services
Any guidance would be hugely welcome.
At this stage I am stuck as far as what I need to do to get my mobile backend published to Azure.
You have got an older version of the Azure SDK installed. The latest version of the Azure SDK provides the Azure App Service publish dialog.
I think I've solved this for now.
I was able to download a publish profile from the Azure Console which I could import within the "publish" dialog in VS2015.
I now have the mobile app up and running in Azure.
Visual Studio Online is available in Azure for creating Team Projects on cloud. Now what i have a doubt is if we can restrict the access of VSO from just corporate network or not? If yes how can we achieve that? Can anyone provide links or steps to configure it? Can Azure Active Directory help in this case?
For eg: There is XYZ Company that wants its developers to work with VSO only while they are on premise of the office. When they go home or outside corporate's network he/she must not be able to access or make changes in VSO.
Any help will be appreciated.!!
I think you can do it via using Azure Active Directory.
As we know that Azure AD can be integrated with an existing Windows Server Active Directory, giving organizations the ability to leverage their existing on-premises identity. Please check:
http://blogs.technet.com/b/ad/archive/2014/08/04/connecting-ad-and-azure-ad-only-4-clicks-with-azure-ad-connect.aspx
If the Visual Studio Online account is connected to an active directory, only users in that directory can get access to your account.
Please check the following two links for the details:
https://www.visualstudio.com/get-started/setup/manage-organization-access-for-your-account-vs
http://nakedalm.com/use-corporate-identities-existing-vso-accounts/
I have gone through the Lab AdvancedWebAndWorkerRoles which you have provided in the latest training kit WAPTK. I followed the steps in Exercise 1:registering sites,Applications and Virtual directories .It is running fine in windows azure emulator(locally),but i cannot find any steps to host in the windows azure management portal.
Can any one suggest(steps) how to host the same application in the windows azure management portal?
We know how to deploy applications in windows azure portal.As i had mentioned in my question about the Exercise 1:registering sites,Applications and Virtual directories in the training kit WAPTK ,we want to create the similar application and host in the azure.The steps to host the Exercise 1 application in management portal is not mentioned in the training kit.We tried to host the application in windows azure portal but it is not working as the ServiceDefinition.csdef include some different configurations.We wanted to know the steps to host that application in management portal.
Under the Introduction to Windows Azure lab, look at Exercise 3: Publishing a Windows Azure Application. This shows how to publish via the portal. The basic steps:
Build your Windows Azure service in Visual Studio, but tell it not to publish. Just generate the package file and configuration file.
Create a new hosted service. This gets a name like myapp.cloudapp.net. You'll need to find a unique DNS prefix.
Select the generated package file and configuration file, from the portal, which results in your service being launched. This takes a few minutes, and you can watch its status via the portal.
You may also publish directly from Visual Studio. See this MSDN article for instructions on setting up Visual Studio correctly (which basically imports your publishing settings from the portal). Visual Studio can perform all of the steps without having you to actually do anything in the portal (aside from exporting your publish settings).
I try to upgrade a plug-in that was on webaccess 2008. Whe were using WebAccessSession to get the user name of the current user logged (WebAccessSession.Current.Connection.UserName ). I Imagine now that it is in tfsConnection but I'm not sure.
Is there any documentation that tells what really changes between Team Foundation Server 2008 and Team Foundation Server 2010?
No documentaion that details things at the level that you are looking for I'm afraid. As far as I know, plugging in to Web Access is not supported via any specified API so any integration you have done yourself would be classed as unsupported so you'd be on your own when it comes to figuring those sorts of changes out. Sorry.
As far as your question about Web Access, this blog post from Hajan Eskci details what's happening with Web Access:
Team System Web Access in TFS 2010 Beta1
Until now, Team System Web Access was published as an out of band power tool. In this release and beyond, Web Access is now an integrated part of TFS, and it is installed by default when you install TFS.