Friday, October 14, 2016

Solved: Cannot delegate permissions in Azure AD for Microsoft Live account

I needed to do a simple task, but in the end it wasn't as simple as I had imagined.
I had to delegate the User Admin role to a specific account.

So I went to the Users section in Azure AD, clicked Add, selected the necessary Microsoft Live account, and selected the User Admin role. But the user didn't get those permissions.
More confusing was the fact that this worked for another user.

After calling Microsoft support, we found out that a user with the same name (email address) already existed, and that user was synced to a different Azure AD from a local AD. The target user was not logging on with his Microsoft Live account, but with the synced user.

The resolution to this was to select "User in another Microsoft Azure AD directory" when delegating permissions.