none
Azure Stack Global Admin privilege RRS feed

  • Question

  • Why is the global admin privilege required for ASDK deployment? As my organization is questioning me on why it is required? 

    As its the root level access and has the ability to remove licenses. So can i get a justification on why it is a mandatory requirement?

    Tuesday, August 27, 2019 10:24 AM

All replies

  • As im unable to proceed further with errors telling "Forbidden access" as i dont have Global privilege permissions.Thanks in advance

    Tuesday, August 27, 2019 10:26 AM
  • Hi, 

    Only Global Admins can install Azure ASDK. This is because, when you install the SDK, and choose an Azure subscription identity provider, you need an internet connection, the full name of an Azure AD directory tenant in the form of domainname.onmicrosoft.com, or an Azure AD verified custom domain name. You also need global admin credentials for the specified directory. 

    Reference: https://docs.microsoft.com/en-us/azure-stack/asdk/asdk-install

    Regards, 

    Msrini

    Tuesday, August 27, 2019 11:58 AM
    Moderator
  • Agreed to the point that we need global admin access but my question is why cant a local admin install the ASDK? why is there a special permission required. what are the files that it is trying to access when its deploying the asdk.
    Tuesday, August 27, 2019 12:07 PM
  • I meant AD directory. Not the directory which contains files and folders. 

    You also need global admin credentials for the specified directory. 

    Regards, 

    Msrini

    Tuesday, August 27, 2019 1:34 PM
    Moderator
  • There are 2 different ways to install the ASDK: ADFS and AAD. 

    If you are deploying using ADFS, you will just need a local admin. If you are using AAD, you will need a global admin, as the ASDK needs to be able to perform several admin level reads and writes to integrate the ASDK with your AAD environment. 

    Tuesday, August 27, 2019 7:03 PM
    Moderator