I am searching for a valid answer whether we have to purchase an extra license for SCOM agent, or is it part of one license (System center suit)?
The intention to ask this question is that we already have a Microsoft System Center product suit license. Now, we want to install SCOM to manage 5000 servers. Is there any extra license purchase required to manage 5000 SCOM agents?
Related
I am facing this error while creating the Delivery Plan.
TF50309: The following account does not have sufficient permissions to complete the operation: Hosted Stakeholder License Security Subject. The following permissions are needed to perform this operation: Agile plans..
As it says, your user is assigned a Stakeholder license at the Organization level. You need a paid license to edit delivery plans. Either assign a Basic license or a Visual Studio Subscription to your account or ask your administrator to do that for you.
I am junior admin managing ADO 2020 on Prem . We have a developer who is able to create a work item in a board under a collection/project when logged in using ADO .
The developer is trying to automate work item creation using Power Automate . He is giving the correct information in Power Automate at the required fields. When trying to create a work item, he gets this error
Details: {"$id":"1","innerException":null,"message":"TF400813: The user '157adfsd-912f-4244-xxxx-b45fcasda\\firstname.lastname#domainname.com' is not authorized to access this resource.","typeName":"Microsoft.TeamFoundation.Framework.Server.UnauthorizedRequestException, Microsoft.TeamFoundation.Framework.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=acdb03fxxxxxxsdfdsdse","typeKey":"UnauthorizedRequestException","errorCode":0,"eventId":3000}
Question : From ADO 2020 side, is there any kind of permission I need to provide to the developer ? I am not 100 % sure why we get this error as the developer is manually able to create a work item.
To my understanding, Power Automate connects to Azure DevOps Services (that is, the cloud-hosted version of Azure DevOps) via OAuth, and when you are creating Power Automate flow for Azure DevOps, the tool tip when selecting an organization tells you to make sure that the Third Party application access via OAuth is enabled.
I don't think that the OAuth 2.0 authentication (https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops) is available for the on-premises version, so you might be out of luck there.
There is an answer to similar question in Power Automate-forum suggesting that the integration might be possible via installing an on-prem data gateway, but wouldn't really know if it's feasible.
https://powerusers.microsoft.com/t5/Connecting-To-Data/Power-Automate-with-Azure-Devops-Server-On-Premise/td-p/658618
I am trying to install the Azure DevOps Deployment Group Agent as described in
Provision agents for deployment groups.
Step 6 includes the following guidance: When prompted for the user account, press Return to accept the defaults.
However, the default configures the agent to run under the NT AUTHORITY\SYSTEM account, and I'm hesitant to give full access to a process that runs commands it obtained over the web. What are the minimum permissions/roles I need to give an agent so it will function properly?
Please follow this doc: Provision agents for deployment groups to accept the defaults configures the agent to run under the NT AUTHORITY\SYSTEM account, it is required for the agent to run without issues.
If you run it under other accounts/roles, it will fail with unexpected errors as reported here: https://developercommunity.visualstudio.com/t/running-azure-devops-agent-as-domain-account-fails/712546 and https://developercommunity.visualstudio.com/t/running-azure-devops-deployment-group-agent-using/1107600, etc.
In addition, there is a suggestion ticket in Developer community about this requirement. You can vote and follow this ticket. You can also create a new suggestion ticket here. The product group will review these tickets regularly, and consider take it as roadmap.
I am trying to setup Just in Time Access in Azure, so I have an account with subscription where I've enabled Security Center Standard edition (required for JIT). I've created there a Resource Group and a VM.
Now I took another account (let's call it a2#foo.com) and I've given it Reader privileges on the mentioned Resource Group and Contributor on VM and its Network Security Group.
After logging to the portal, a2#foo.com doesn't have access to JIT, because Subscriptions it owns don't have Security Center Standard enabled - these are separate subscriptions than the one mentioned earlier (so it's not possible to request JIT through the portal).
When I use PowerShell, I am able to select subscription where VM is deployed (Select-AzureRmSubscription), I am able to see that there is a JIT policy used there (Get-ASCJITAccessPolicy), but when I run Invoke-ASCJITAccess I get an error:
Invoke-ASCJITAccess : JIT VM Access requires a Standard tier subscription. For more info please visit aka.ms/asc-jit
Am I missing something or Just In Time Access works only on subscriptions you own?
Setting Contributor role for user a2#foo.com on the Resource Group solved the problem and this user is able to request JIT Access through PowerShell (not through portal).
I have a .net application from which i am managing Lync server. I used the cmdlets Get-CsUser, Get-Nonscientific, Grant-Cs, Set-CsUser, Move-CsUser, Enable-CsUser, Disable-CsUser, Set-CsClientPin. For this to work I have assigned group RTCUniversalServerAdmins and CSAdministrator.
can I minimise these permissions on user as it is holding higher privileges?
or any one has a document that will explain which cmdlets required which permission?
any help would be appreciated.
Have you seen these links:
Lync2013:
Group membership requirements for Lync Server 2013
and
Planning for role-based access control in Lync Server 2013
Skype For Business:
Windows PowerShell and Skype for Business Server 2015 management tools
and
Role-based access control (RBAC) for Skype for Business Server 2015
It looks like it's all modeled around the "Role-Based Access Control" concept in Lync.