by Contributed | Apr 21, 2023 | Technology
This article is contributed. See the original author and article here.
Today, we worked on a service request in which our customer got the following error message: Managed Instance needs permissions to access Azure Active Directory. You need to be a ‘Company Administrator’ or a ‘Global Administrator’ to grant ‘Read’ permissions to the Managed Instance.
Azure SQL Managed Instance needs permissions to read Azure AD to successfully accomplish tasks such as authentication of users through security group membership or creation of new users. For this to work, we need to grant the Azure SQL Managed Instance permission to read Azure AD.
We can do this using the Azure portal or PowerShell. This operation can only be executed by a Global Administrator or a Privileged Role Administrator in Azure AD.
You can assign the Directory Readers role to a group in Azure AD. The group owners can then add the managed instance identity as a member of this group, which would allow you to provision an Azure AD admin for the SQL Managed Instance. That means you need to have Global Administrator or Privileged Role Administrator access to provide the read permission to the SQL MI.
Directory Readers role
In order to assign the Directory Readers role to an identity, a user with Global Administrator or Privileged Role Administrator permissions is needed. Users who often manage or deploy SQL Database, SQL Managed Instance, or Azure Synapse may not have access to these highly privileged roles. This can often cause complications for users who create unplanned Azure SQL resources, or who need help from highly privileged role members that are often inaccessible in large organizations.
For SQL Managed Instance, the Directory Readers role must be assigned to the managed instance identity before you can set up an Azure AD admin for the managed instance.
Assigning the Directory Readers role to the server identity isn’t required for SQL Database or Azure Synapse when setting up an Azure AD admin for the logical server. However, to enable Azure AD object creation in SQL Database or Azure Synapse on behalf of an Azure AD application, the Directory Readers role is required. If the role isn’t assigned to the SQL logical server identity, creating Azure AD users in Azure SQL will fail. For more information, see Azure Active Directory service principal with Azure SQL.
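As an added example (not part of the original post), the PowerShell route mentioned above: grant the Directory Readers role to the managed instance's system-assigned identity with the Az.Sql and Microsoft Graph PowerShell modules, handling the case where the role has not yet been activated in the tenant, and verify the membership afterwards. The resource group and instance names are placeholders, and the caller is assumed to hold Global Administrator or Privileged Role Administrator.

```powershell
# Added example: assign Directory Readers to an Azure SQL Managed Instance identity.
# Placeholder names; replace with your own resource group and instance.
$ResourceGroup = "rg-placeholder"
$InstanceName  = "sqlmi-placeholder"

Connect-AzAccount | Out-Null
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory", "Directory.Read.All" | Out-Null

# The instance's system-assigned identity is the principal that must be able to read Azure AD.
$mi = Get-AzSqlInstance -ResourceGroupName $ResourceGroup -Name $InstanceName
$principalId = $mi.Identity.PrincipalId
if (-not $principalId) {
    throw "Managed instance '$InstanceName' has no system-assigned identity enabled."
}

# Directory Readers only appears as a directory role once it has been activated in the tenant;
# if it is missing, activate it from its role template first.
$role = Get-MgDirectoryRole -Filter "displayName eq 'Directory Readers'"
if (-not $role) {
    $template = Get-MgDirectoryRoleTemplate | Where-Object DisplayName -eq 'Directory Readers'
    $role = New-MgDirectoryRole -RoleTemplateId $template.Id
}

# Idempotent: add the identity only if it is not already a member of the role.
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All
if ($members.Id -contains $principalId) {
    Write-Host "Identity $principalId already holds Directory Readers."
} else {
    New-MgDirectoryRoleMemberByRef -DirectoryRoleId $role.Id -BodyParameter @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$principalId"
    }
    Write-Host "Assigned Directory Readers to managed instance identity $principalId."
}

# Verify before attempting to set the Azure AD admin on the instance.
$check = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    Where-Object Id -eq $principalId
if (-not $check) { throw "Directory Readers assignment not found for $principalId." }
Write-Host "Verified: $principalId is a member of Directory Readers."
```

The same membership steps apply when the role is granted to a group instead, as described above; in that case the group, rather than the individual identity, is the member of the role, and the group owners add the managed instance identity to the group.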
Supporting article: https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-directory-readers-role?view=azuresql#assigning-the-directory-readers-role
by Contributed | Apr 20, 2023 | Technology
Many database administrators ask questions like “What rows have changed for a table?” and “How has that row changed in that table?”. Change Tracking is a lightweight solution built right into the SQL Database that gives you the ability to query for data that has changed over time. In this episode of Data Exposed, join Anna Hoffman and Brian Spendolini as we explore this powerful feature of the database. Learn how to enable Change Tracking in your database, what the best use cases are, and how it can save you massive amounts of time and effort over developing custom, one-off solutions.
Watch on Data Exposed
Resources:
View/share our latest episodes on Microsoft Learn and YouTube!
by Contributed | Apr 20, 2023 | Business, Hybrid Work, Microsoft 365, Technology, Viva Goals, Viva Learning, Viva Topics, Work Trend Index
Today, we’re excited to announce Copilot in Microsoft Viva, along with the introduction of Microsoft Viva Glint, to help organizations create a more engaged and productive workforce.
The post Introducing Copilot in Microsoft Viva—A new way to boost employee engagement and performance appeared first on Microsoft 365 Blog.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Contributed | Apr 19, 2023 | Technology
As mentioned in previous posts on 11/11/2021 and 11/15/2022, Office 2013 reached the end of the Extended Support lifecycle on April 11, 2023. Continuing to use Office 2013 could increase your organization’s exposure to security risks, impact your ability to meet compliance obligations, and/or affect end user productivity.
Additionally, support for other Microsoft Office products is also coming to an end in the next months. Please review the following list and act before the end of the product’s lifecycle:
- Office 2019 for Mac reaches end of support on October 10, 2023. This means Office 2019 for Mac will no longer receive security updates, bug fixes, technical support, or online technical content support.
- Connecting Office 2016 and Office 2019 to Microsoft 365 reaches end of support on October 10, 2023. After this end date we won’t block these Office versions from connecting to Microsoft 365 services if they are kept up to date. But after October 10, 2023, improvements to Microsoft 365 services will no longer be tested with these Office versions, so users could experience performance or reliability issues. Read more about this in our Microsoft Learn article.
If you’re running a version affected by any of the end of support dates, we recommend upgrading to Microsoft 365 E3, which comes with Microsoft 365 Apps – the apps you’re familiar with (e.g., Word, Excel, PowerPoint, Outlook, etc.). It falls under the Modern Lifecycle Policy, so it’s continuously supported.
Here are some resources to help plan the move:
Please visit our Office End of Support community for more information and resources about end of support for Office.
Thanks again for being a Microsoft customer!
by Contributed | Apr 18, 2023 | Technology
Two years ago, we shared that “It’s Time to Hang Up on Phone Transports for Authentication.” Today, we’re adding the public preview of Authenticator Lite to the tools we are offering to help you move from text message (SMS) and voice-based authentication. Our priority is getting every user to sign in with modern strong authentication – passwordless, hardened against phishing, easy to use and adaptable to evolving attacks.
Our top recommendation for modern strong authentication is the Authenticator, which offers the most robust security features, is updated most frequently, and is free. The Microsoft Authenticator app has over 100 million users worldwide who trust it as a secure and easy way to authenticate, making it the most popular way to sign in with strong authentication in Azure.
Because modern strong authentication is so important, we’re making it even more accessible by embedding it right into the Outlook client! We call this embedded experience Authenticator Lite – and we’re excited to announce it is now in public preview! Users who haven’t yet downloaded Authenticator can now complete MFA for their work or school account for free using the Outlook app on their iOS or Android devices. Users can approve authentication requests and receive TOTP codes, bringing the security of Authenticator to a convenient location while simplifying users’ move off phone transports for authentication.
During public preview, admins can choose to enable or disable this capability for a group of users or to leave the feature in a Microsoft managed state. Enabling a group for Authenticator Lite is possible from the Entra portal via the Authenticator configuration page. It’s also possible to enable the feature through MS Graph.

Authenticator Lite, as the name suggests, will extend a subset of the Authenticator’s capabilities into Outlook. Each verification notification will include a number matching prompt and biometric or PIN verification if enabled on the device. More information on the Authenticator Lite notification configurations can be found here.
Once enabled for Authenticator Lite, users on the latest version of Outlook without the Authenticator app will be prompted to register Outlook as an MFA method when they launch the app on their device.

Once users are registered, during their next authentication, users will be prompted to authenticate using a push notification in their Outlook app.

Registered users will also have access to a TOTP code found in their Outlook settings under Authenticator.

For more information on enabling this feature for your users, see here. Rollout to support this feature in Outlook is currently underway.
This feature will roll out to tenants in the state ‘Microsoft managed’. For the duration of public preview, leaving the feature set to ‘Microsoft managed’ will have no impact on your users and the feature will remain turned off unless you explicitly change the state to enabled. In late April 2023, we will remove preview tags and enter general availability. On May 26, 2023, if the feature is left set to ‘Microsoft managed,’ your tenant will be enabled for Authenticator Lite by Microsoft. If you do not wish for this feature to be enabled on May 26, set the state to ‘disabled’ or assign users to include and exclude groups prior to May 26.
We hope you and your users enjoy this new feature, and, as always, please let us know of any questions or feedback by leaving comments down below or reaching out to us at aka.ms/AzureADFeedback.
Regards,
Alex Weinert
VP Director of Identity Security, Microsoft
Microsoft Identity Division
Learn more about Microsoft identity: