I apologize about the delay but Custom RBAC Support is now available in Production. You are able to to create role definitions at the MG scope and assign them to inherited MGs and Subs.
There is a bug that is in the portal where the new custom role is not showing when you are trying to do a role assignment on an inherited child MG/Sub. This should be resolved soon and PowerShell, CLI, and API are all working. I will not do any announcements yet on the availability of the feature until the portal bug is fixed. Once that is fixed we will do blog announcements and I will mark the feature complete here.
Powershell for Remove-AzRoleDefinition is unable to remove the Role at Management Group level.
workaround is use Portal GUI
Custom Role : 'DataActions' is Not Supported for a new role definition at management group level.
Will try and revert.
288 votesstarted · 33 comments · Azure Key Vault » Managing application secrets · Flag idea as inappropriate… · Admin →
Start of new decade MS please help 🙃
WOW! it started! looking forward Microsoft! Thanks
+1 in simpler words, an item level security. i.e rbac per secret level
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
It would be great to allow local timezone variable too by default.
I understand, things are not that simple at your end but I think this is what can move everyone in the cloud direction.
Thanks for this feature suggestion!
+1. item level security i.e RBAC per secret/cert level
Key Vault Notification feature is currently in Public Preview and available in all public regions.
Notification overview :
It could be a UI glitch on new Set-AzSqlServerAudit commandlet.
As the log analytics config appeared after a reopened the browser.
But this one doesnt connect and Ui does NOT change
Set-AzDiagnosticSetting does not work At all.
I dont have access issues as i am Global admin
The DB Audit does not apply log analytics either :(
Set-AzSqlDatabaseAudit -ResourceGroupName $resourceRG -ServerName $resourceParent -DatabaseName $resourceName -LogAnalyticsTargetState Enabled -WorkspaceResourceId $LogAnalytics_URI -debug
The new command switches on the audit.
but Does NOT apply the Log analytics config.
There are no errors.
i tried this command on cloud shell.
Set-AzSqlServerAudit -ResourceGroupName $resourceRG -ServerName $resourceName -LogAnalyticsTargetState Enabled -WorkspaceResourceId $LogAnalytics_URI
You can import quickstart templates by going to New, search for “template deployment”, edit the template, and import a quickstart template from there.
We can add the ability to upload to GitHub, if that’s valuable to a lot of people.
It would be valuable to have similar functionality as you have in Azure Automation Accounts.
Attached some screenshots.
That's a limitation. I have a automation solution which relies on sending email. What are other options? can you help please.
Also the timer for 20 minutes is incorrect! After you reconnect the first 20 minutes timeout then you will be kicked out in 2 minutes :(
Above JSON is small example. As you know there are about 19 categories. So the policy will grow.
For every client this has to be diferent version, just because of the name diference.
Thank you for the feedback. I will share this with the Policy team to see what options they currently have or if this is on their roadmap.