How to activate Azure Active Directory Authentication for an App Service while avoiding “You do not have permission to view this directory or page.” errors

  1. In the App Service’s Authentication / Authorization menu blade
    1. Set App Service Authentication to On
    2. Action to take when request is not authenticated should be Log in with Azure Active Directory
    3. Create a new Azure AD App
    4. Test logging into your web app and confirm it doesn’t work, failing with this error message: “You do not have permission to view this directory or page.”
  2. Then, in your organization’s Azure Active Directory section
    1. Go to App registrations -> YourApp -> API permissions
    2. Remove any PowerApps Runtime Service permissions (in my case, it was user_impersonation)
    3. Wonder why it was necessary for this permission to be added by default, then go on with your life

How to log into the right subscription using the Azure CLI

az login --tenant <your-tenant-id>

# check your subscriptions, see what's default and what's not
az account list --output table

# just in case you want to see the tenants, too
az account list --output table --query "[].{tenant:homeTenantId, name:name, id_:id, isDefault: isDefault, state:state}"

# set the default subscription, this is the one you'll run your commands against
az account set --subscription "<your-subscription-id>"

Naming guidelines/conventions for Azure resources

These guides from Microsoft Learn are quite good:

Ip Forbidden (CODE: 403) when trying to deploy an Azure Function from a GitHub action

The error message:

  Error: Failed to fetch Kudu App Settings.
Ip Forbidden (CODE: 403)
    at Kudu.<anonymous> (/home/runner/work/_actions/Azure/functions-action/v1/lib/appservice-rest/Kudu/azure-app-kudu-service.js:69:23)
    at Generator.next (<anonymous>)
    at fulfilled (/home/runner/work/_actions/Azure/functions-action/v1/lib/appservice-rest/Kudu/azure-app-kudu-service.js:5:58)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

In my case, the Azure Function’s Networking policy had been changed to Public network access=Disabled. Solved this by adding a private endpoint to the function, setting Integrate with private DNS zone = No.

App Service Docker Logs

I always forget these

  • https://<your-app-name>.scm.azurewebsites.net/
  • https://<your-app-name>.scm.azurewebsites.net/api/logs/docker and search for latest *default_docker.log

Plus, things I should know – https://learn.microsoft.com/en-us/archive/blogs/waws/things-you-should-know-web-apps-and-linux

Getting access to an Azure Subscription as a Global Admin

  1. https://aad.portal.azure.com/
  2. Go to Microsoft Entra ID
  3. Go to Properties tab and enable <your name> can manage access to all Azure subscriptions and management groups in this tenant.

Original response


@Rakeshmbr By default you will never get access on the subscriptions; you have to request the owner of the subscription to provide the access. However, if you are a global admin you can elevate your access:
1. Sign in to the [Azure portal](https://portal.azure.com/) or the [Azure Active Directory admin center](https://aad.portal.azure.com/) as a Global Administrator.
2. If you are using Azure AD Privileged Identity Management, [activate your Global Administrator role assignment](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-activate-role).
3. Open Azure Active Directory.
4. Under Manage, select Properties.
5. Under Access management for Azure resources, set the toggle to Yes.

ref the below URL 

[Elevate access to manage all Azure subscriptions and management groups | Microsoft Learn](https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin)

– via MS Tech Community
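
The toggle above assigns the User Access Administrator role at root scope (/), and that assignment stays in place until it is removed. As an added example (not from the original post or the quoted reply), these shell functions use the Azure CLI to check for that assignment and delete it once you are done; the sign-in name passed in is a placeholder.

```shell
#!/bin/sh
# Added example: audit and remove the root-scope elevation left behind by the
# "can manage access to all Azure subscriptions" toggle.
# Assumes you are already signed in with `az login`.

# Print User Access Administrator assignments at root scope ("/") as TSV:
# principalName<TAB>assignment id
root_uaa_assignments() {
    az role assignment list \
        --role "User Access Administrator" \
        --scope "/" \
        --query "[?scope=='/'].[principalName, id]" \
        --output tsv
}

# Exit 0 if the given sign-in name still holds the role at root scope.
# The comparison is case-insensitive because UPN casing varies.
is_elevated() {
    upn="$1"
    root_uaa_assignments |
        awk -F '\t' -v u="$upn" \
            'tolower($1) == tolower(u) { found = 1 } END { exit !found }'
}

# Delete the root-scope assignment for the given sign-in name, if present.
# Prints "removed" or "not-elevated" so callers can act on the outcome.
drop_elevation() {
    upn="$1"
    if is_elevated "$upn"; then
        az role assignment delete \
            --assignee "$upn" \
            --role "User Access Administrator" \
            --scope "/" && echo "removed"
    else
        echo "not-elevated"
    fi
}

# Usage: ./drop-elevation.sh <sign-in-name>   (placeholder argument)
if [ "$#" -gt 0 ]; then
    drop_elevation "$1"
fi
```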

Azure/Office Admin URLs

Guest users unable to assign roles to other users (cannot see them)

  1. Sign in to the Azure portal by using Global Administrator.
  2. If applicable, switch to the directory where the guest user was added.
  3. Go to Microsoft Entra ID.
  4. Go to User Settings.
  5. Change the Guest users permissions are limited setting to No, and then select Save.

Or do this on a case-by-case basis using the power of PowerShell – https://learn.microsoft.com/en-us/troubleshoot/azure/general/cannot-see-users-groups-list-iam