Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture.
https://aka.ms/alz
MIT License

"Deploying ALZ" assumes user is local to tenant #1679

Open kennethmac2000 opened 2 weeks ago

kennethmac2000 commented 2 weeks ago

Describe the bug

"Deploying ALZ" assumes that the user deploying ALZ is local to the tenant.

This could be solved by replacing az login with az login --tenant <tenant_id>.

Note that for scope '/' (in the next command) to be correctly resolved, you need to have access to at least one subscription on the tenant you are logging in to, so that this subscription can be set as the default subscription. If you have created a brand new tenant to deploy ALZ to, it may not have any subscriptions. This point should also be called out.

jtracey93 commented 1 week ago

Hey @kennethmac2000

Thanks for the issue. Would you be up for submitting a PR to the doc to change/update this https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/Deploying-ALZ.md ?

Let us know

kennethmac2000 commented 1 week ago

Hi,

Probably not, to be honest, as it would require further research to identify the exact nature of the problem - e.g., do you need to have access to at least one subscription even if you are logging in to a tenant with a local user, or does this only apply if you are logging in to a different tenant?

It would then also need research and testing of the appropriate PowerShell commands, with which I am not so familiar.

This all takes time.

That said, if there is a way of splitting up the work required, I would be happy to contribute. :) I just don't have time to do it from start to finish.