You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/design-azure-virtual-desktop-architecture/includes/6-recommendations-subscriptions-management-groups.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,13 +18,13 @@ Global Administrators should consider the following scenarios for elevating acce
18
18
19
19
Microsoft Entra ID and Azure resources are secured independently from one another.
20
20
21
-
Microsoft Entra role assignments do not grant access to Azure resources, and Azure role assignments do not grant access to Microsoft Entra ID. However, if you are a Global Administrator in Microsoft Entra ID, you can assign yourself access to all Azure subscriptions and management groups in your directory. Use this capability if you don't have access to Azure subscription resources. For example, for virtual machines or storage accounts, and you want to use your Global Administrator privilege to gain access to those resources.
21
+
Microsoft Entra role assignments don't grant access to Azure resources, and Azure role assignments don't grant access to Microsoft Entra ID. However, if you're a Global Administrator in Microsoft Entra ID, you can assign yourself access to all Azure subscriptions and management groups in your directory. Use this capability if you don't have access to Azure subscription resources. For example, for virtual machines or storage accounts, and you want to use your Global Administrator privilege to gain access to those resources.
22
22
23
-
When you elevate your access, you will be assigned the User Access Administrator role in Azure at root scope (/). This allows you to view all resources and assign access in any subscription or management group in the directory. User Access Administrator role assignments can be removed using Azure PowerShell, Azure CLI, or the REST API.
23
+
When you elevate your access, you'll be assigned the User Access Administrator role in Azure at root scope (/). This allows you to view all resources and assign access in any subscription or management group in the directory. User Access Administrator role assignments can be removed using Azure PowerShell, Azure CLI, or the REST API.
24
24
25
25
You should remove this elevated access once you have made the changes you need to make at root scope.
:::image type="content" source="../media/elevated-access-recommendation-image1-c59d173e.png" alt-text="Screenshot of elevate access.":::
28
28
29
29
30
30
## Elevate access for a Global Administrator
@@ -35,27 +35,27 @@ Follow these steps to elevate access for a Global Administrator using the Azure
35
35
2. Open **Microsoft Entra ID**.
36
36
3. Under **Manage**, select **Properties**.
37
37
38
-
:::image type="content" source="../media/elevated-access-recommendation-image2-d645c7e4.png" alt-text="Select Properties for Microsoft Entra properties.":::
38
+
:::image type="content" source="../media/elevated-access-recommendation-image2-d645c7e4.png" alt-text="Screenshot of select Properties for Microsoft Entra properties.":::
39
39
40
40
41
41
4. Under **Access management for Azure resources**, set the toggle to **Yes**.
42
42
43
-
:::image type="content" source="../media/elevated-access-recommendation-image3-1f9dd851.png" alt-text="Access management for Azure resources.":::
43
+
:::image type="content" source="../media/elevated-access-recommendation-image3-1f9dd851.png" alt-text="Screenshot of access management for Azure resources.":::
44
44
45
45
46
-
When you set the toggle to **Yes**, you are assigned the User Access Administrator role in Azure role-based access control (RBAC) at root scope (/). This grants you permission to assign roles in all Azure subscriptions and management groups associated with this Microsoft Entra directory. This toggle is only available to users who are assigned the Global Administrator role in Microsoft Entra ID.
46
+
When you set the toggle to **Yes**, you're assigned the User Access Administrator role in Azure role-based access control (RBAC) at root scope (/). This grants you permission to assign roles in all Azure subscriptions and management groups associated with this Microsoft Entra directory. This toggle is only available to users who are assigned the Global Administrator role in Microsoft Entra ID.
47
47
48
48
When you set the toggle to **No**, the User Access Administrator role in Azure role-based access control (RBAC) is removed from your user account. You can no longer assign roles in all Azure subscriptions and management groups that are associated with this Microsoft Entra directory. You can view and manage only the Azure subscriptions and management groups to which you have been granted access.
49
49
50
50
5. Click **Save** to save your setting.
51
51
52
-
This setting is not a global property and applies only to the currently signed in user. You can't elevate access for all members of the Global Administrator role.
52
+
This setting isn't a global property and applies only to the currently signed in user. You can't elevate access for all members of the Global Administrator role.
53
53
54
54
6. Sign out and sign back in to refresh your access.
55
55
56
56
You should now have access to all subscriptions and management groups in your directory. When you view the Access control (IAM) pane, you'll notice that you have been assigned the User Access Administrator role at root scope.
57
57
58
-
:::image type="content" source="../media/elevated-access-recommendation-image4-3309fa02.png" alt-text="Subscription role assignments with root scope.":::
58
+
:::image type="content" source="../media/elevated-access-recommendation-image4-3309fa02.png" alt-text="Screenshot of subscription role assignments with root scope.":::
59
59
60
60
61
61
7. Make the changes you need to make at elevated access.
@@ -70,7 +70,7 @@ To remove the User Access Administrator role assignment at root scope (/), follo
70
70
71
71
If you try to remove the User Access Administrator role assignment on the Access control (IAM) pane, you'll see the following message. To remove the role assignment, you must set the toggle back to **No** or use Azure PowerShell, Azure CLI, or the REST API.
72
72
73
-
:::image type="content" source="../media/elevated-access-recommendation-image5-e717d5cb.png" alt-text="Remove role assignments with root scope.":::
73
+
:::image type="content" source="../media/elevated-access-recommendation-image5-e717d5cb.png" alt-text="Screenshot of remove role assignments with root scope.":::
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/design-azure-virtual-desktop-architecture/includes/7-configure-location-azure-virtual-desktop-metadata.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
Azure Virtual Desktop is currently available for all geographical locations. Administrators can choose the location to store user data when they create the host pool virtual machines and associated services, such as file servers. Learn more about Azure geographies at the [Azure datacenter map](https://datacenters.microsoft.com/globe/explore/).
2
2
3
-
:::image type="content" source="../media/client-access-af6b0cff-3d7e822f.png" alt-text="Graphic of Azure Virtual Desktop is currently available for all geographical locations.":::
3
+
:::image type="content" source="../media/client-access-af6b0cff-3d7e822f.png" alt-text="Screenshot of of Azure Virtual Desktop is currently available for all geographical locations.":::
4
4
5
5
6
6
Microsoft doesn't control or limit the regions where you or your users can access your user and app-specific data.
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/design-azure-virtual-desktop-architecture/includes/8-recommend-configuration-for-performance-requirements.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ You can collect and act on the same monitoring data from Azure virtual machines
12
12
13
13
Virtual machines in Azure generate [logs](/azure/azure-monitor/platform/data-platform-logs) and [metrics](/azure/azure-monitor/platform/data-platform-metrics) as shown in the following diagram.
14
14
15
-
:::image type="content" source="../media/azure-monitor-for-azure-virtual-desktop-image-c1a9c700.png" alt-text="Overview of Azure Monitor for Windows Virtual Machines.":::
15
+
:::image type="content" source="../media/azure-monitor-for-azure-virtual-desktop-image-c1a9c700.png" alt-text="Screenshot of overview of Azure Monitor for Windows Virtual Machines.":::
0 commit comments