This guide shows you how to authorize read-only access for MCIT.
In certain instances, MCIT may need to connect to your Azure environment with read-only access.
Please follow all three steps below.
Step One: Create Azure AD Account & Assign Access
1. Follow this link: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview
2. Click +Add then User
3. Enter the user name: mcitreadaccess
4. In the user name drop down select the most appropriate domain
5. Enter the name: MCIT Read Access
6. Under Roles click User (as shown by the red arrow in the screenshot below)
7. Tick "Directory Readers" and click Select
8. Click Create
Step Two: Grant Access to the Subscription for the New Account
- Follow this link: https://portal.azure.com/#view/Microsoft_Azure_Billing/SubscriptionsBlade
- Click on the applicable subscription (if there is more than one, repeat the steps below for each)
- Click “Access control (IAM)”
- Click +Add then Role assignment
- Select Job function roles then Next
- Select Reader then Next
- Click + Select members
- Find the user you created in step one and click it
- Click Select
- Click Next
- Click Review and Assign
- Click +Add then Role assignment
- Select Job function roles then Next
- Select Billing Reader then Next
- Click + Select members
- Find the user you created in step one and click it
- Click Select
- Click Next
- Click Review and Assign
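To confirm the result of Step Two, the account's role assignments can be compared with the two roles this guide grants. The Python below is an added example, not part of MCIT's original guide; it assumes the JSON input comes from `az role assignment list --assignee <UPN> --all --output json`, and the subscription ID, domain and resource group in the sample are constructed placeholders.

```python
import json

# Azure RBAC roles assigned in Step Two. "Directory Readers" from Step One is a
# directory role and does not appear in `az role assignment list` output.
EXPECTED_ROLES = {"Reader", "Billing Reader"}

def audit_assignments(az_json, upn, subscription_id):
    """Compare an account's role assignments with what Step Two grants."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    found, unexpected = set(), []
    for item in json.loads(az_json):
        if item.get("principalName", "").lower() != upn.lower():
            continue  # assignment belongs to another principal
        role = item.get("roleDefinitionName", "")
        scope = item.get("scope", "")
        if role in EXPECTED_ROLES and scope.rstrip("/").lower() == sub_scope:
            found.add(role)
        else:
            # Any other role, or an expected role at a different scope
            unexpected.append((role, scope))
    missing = sorted(EXPECTED_ROLES - found)
    return {"missing": missing, "unexpected": unexpected,
            "ok": not missing and not unexpected}

# Constructed sample data (not real output): placeholder subscription ID and domain.
SUB = "00000000-0000-0000-0000-000000000000"
UPN = "mcitreadaccess@example.onmicrosoft.com"
SAMPLE = json.dumps([
    {"principalName": UPN, "roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{SUB}"},
    {"principalName": UPN, "roleDefinitionName": "Billing Reader",
     "scope": f"/subscriptions/{SUB}"},
    {"principalName": UPN, "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-demo"},
])

if __name__ == "__main__":
    result = audit_assignments(SAMPLE, UPN, SUB)
    print("missing:", result["missing"])
    print("unexpected:", result["unexpected"])
    print("matches guide:", result["ok"])
```

An empty "missing" list and an empty "unexpected" list mean the account holds exactly Reader and Billing Reader at the subscription scope; repeat the check for each subscription you granted.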
Step Three: Provide Details to MCIT
1. Share the full username (UPN) in one reply to MCIT support
2. Share the password with MCIT support in another reply. We will change the password as soon as we log in and add MFA if required.
For added security, we suggest you enable or enforce 2FA/MFA on this account.
Appendix A: Revoke Access (optional)
- Navigate to: https://portal.azure.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers
- Select the user created above
- Click the “edit” button
- Untick "account enabled"
- Click Save