允许访问MS Imagine,而不是Azure MP。 [英] Allow access to MS Imagine, not Azure MP.
问题描述
您好,
  Microsoft Imagine转移到Azure,我被指示不允许学生访问管理门户。
Microsoft Imagine moved to Azure and I've been instructed to not allow students access to the management portal.
我一直在尝试创建一个策略来阻止azure MP并允许他们访问到"教育 - 软件"。但是"教育 - 软件"没有显示在"所有资源"中。或者在政策菜单中。
I've been trying to create a policy to block the azure MP and allow them access to "Education - Software". But "Education - Software" is not shown in "All Resources" or in the policy menu.
我可以访问此网址 https://portal.azure.com/#blade/Microsoft_Azure_Education/EducationMenuBlade/software作为学生访问MS Imagine仅当学生有权访问MP时才分配的软件。
I can go to this URL https://portal.azure.com/#blade/Microsoft_Azure_Education/EducationMenuBlade/software as a student to access the MS Imagine software assigned only if the student has Access to the MP.
当学生可以访问MP时,它可以浏览AAD并查看其他用户的帐户详细信息,这对我们不利。如果我阻止向全局管理员以外的所有用户访问MP,则该学生将无法访问"教育 - 软件"。
When the student has access to the MP, it can browse the AAD and view other user's account details, which is not good for us. If I block access to the MP to all users except Global administrators the student loses access to "Education - Software".
有关如何解决此问题的任何建议吗?
Any suggestions on how to tackle this?
感谢您的时间。
推荐答案
Hello PUPR ,
感谢您与我们联系!
我知道您正在尝试 Azure for Education 提供并希望限制用户访问Azure管理门户,同时仍然允许访问上述URL
。
I understand that you are trying out the Azure for Education offering, and want to restrict user access to Azure Management Portal while still allowing access to the mentioned URL.
用于限制一个用户的访问权限通过浏览Azure Active Directory中的其他人详细信息,您可以使用 用户设置下的限制对Azure AD管理门户的访问权限设置 Azure的刀片
门户网站中的Active Directory。设置 否允许非管理员使用此Azure AD管理门户体验来访问用户有权阅读或管理其拥有的资源的Azure AD资源。 是 限制
所有非管理员访问管理门户中的任何Azure AD数据,但不限制使用PowerShell或其他客户端(如Visual Studio)进行此类访问。以下是供您参考的屏幕截图:
For restricting access of one user from browsing others' details in Azure Active Directory, you can use the Restrict access to Azure AD administration portal setting under the User Settings blade of Azure Active Directory in the Portal. Setting No lets a non-administrator use this Azure AD administration portal experience to access Azure AD resources that the user has permission to read, or manage resources they own. Yes restricts all non-administrators from accessing any Azure AD data in the administration portal, but does not restrict such access using PowerShell or another client such as Visual Studio. Here is a screenshot for your reference:
希望这有帮助!
这篇关于允许访问MS Imagine,而不是Azure MP。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
