This guide will show you how to authorize access for MCIT to provide temporary support.
Please Follow Both Step One and then Step Two,
Step One: Create Azure AD account & Assign Access
As this one is more complex than the usual support issues we have to manually investigate. The common reason for this is that our access has been blocked.
Log into https://portal.azure.com then go to "azure active directory" and add a new user called "mcit‐azure‐support@<your azure AD domain>.
Then make the user a global admin under “roles and administrators” in Azure Active Directory. Share the full username (UPN) and password with MCIT.
MCIT will change the password as soon as we log in.
Step Two: Grant Access to the Subscription for the new Account
Sign in to https://portal.azure.com with your owner/administrator account
In the search bar type: Subscriptions then click Subscriptions
- Click on the only subscription or if more than one is listed click on the one that has the MCIT deployment
- Click “Access control (IAM)” then click “Add a role assignment”
Select “Owner” for the Role field
- Select “Azure AD user, group, or service principal” for the Assign access to the field
Find the user named “mcit‐azure‐support” in the list and select it
Down the bottom of this role assignment box click on Save
Appendix A: Revoke Access
MCIT will disable the “mcit‐azure‐support” account once the support ticket is completed. If for any reason you wish to disable it sooner follow the below process. Please do not delete this account as it will impact our ability to support you.
- Type “users” in the Azure portal search and go to users.
- Select the “mcit‐azure‐support” user
Click the “edit” button above “block sign in”
Click “Yes” on the block sign in button and then Save up the top of the page.
If you have any questions about this configuration, please contact us at firstname.lastname@example.org.