Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure Log Analytics is the system used to run Services Hub On-Demand Assessments. Currently, user management is handled through the Azure portal (not the Azure Log Analytics-specific user management features). This provides customers the capability to add, remove, and configure assessment and linking. Scenario 2 is for Azure Log Analytics access only, and people with @microsoft email addresses should follow Scenario 2.
To add a new user to an Azure subscription, follow these steps.
Add a New User to an Azure Subscription
Note
Only someone with an "Owner" designation can add users to a subscription.
Scenario 1 - Add someone from your organization/tenant
Sign in to Microsoft Azure portal and navigate to Subscriptions in the left-hand navigation bar. If you don't see Subscriptions, scroll down and select More Services and search for it.
Once selected, Subscriptions displays a list of the Azure Subscriptions your organization manages.
Select the Azure subscription associated with the Azure Log Analytics workspace and linked to the Services Hub account you want to add users to.
Select Access Control, then Add.
Next, select a Role and add the email address of the person you want to add. Once done, select Save.
Note
We recommend you add users as an Owner or Contributor to ensure that users have the permission needed in Azure Log Analytics to add, remove, and configure assessments.
If you added people using their Microsoft Accounts/Live IDs, see Authenticating a Managed Services Account Holder in Azure.
Scenario 2 - Adding someone from outside your organization/tenant
Sign in to the Azure portal and navigate to Log Analytics in the left-hand navigation bar.
Once selected, Log Analytics displays a list of the Azure Log Analytic workspaces within your organization manages.
Select the Azure Log Analytics workspace linked to your Services Hub that you want to add users to.
Select Access Control, then Add.
Next, select a Role and add the email address of the person you want to add. Once done, select Save.
If the user you add isn't part of your tenant, that user receives an email message to finish the process and have access to the Azure Log Analytic workspace. If the portal doesn't let you invite the email ID you're trying to add, your Microsoft Entra Global Administrator might have blocked Invite Guest Users feature. To learn how to invite guest users, see Invite Guest users to your active directory.
Note
We recommended you add users as a Log Analytics Reader to grant @microsoft users access to your Azure Log Analytics workspace to view your assessments. They don't have access to your Azure subscription.
Caution
If the "Invite External User" rule is blocked on Microsoft Entra, the option to invite a user is grayed out. You need to ask your Global Administrator to invite the @microsoft user using the following steps.
Sign in to the Azure portal and navigate to Microsoft Entra in the left-hand navigation bar.
Locate Roles and Administrators on the left pane, then search for Global Administrator
Once selected, you can see who the Microsoft Entra Global Administrator. Anyone on that list can invite a guest user.
