Поделиться через


Azure Rights Management - No Subscriptions Found when we click on the Advanced Feature button on the Rights Management Page

 

So it was about time that someone wrote an article about Advanced Feature option on the Rights Management Page.

But first of all what is Azure Rights Management?

Almost every organization is Internet-connected these days, with users bringing personal device to work, accessing company data on the road and home, and sharing sensitive information with important business partners. As part of their daily work, users share information by using email, file-sharing sites, and cloud services. In these scenarios, traditional security controls (such as access control lists and NTFS permissions) and firewalls have limited effectiveness if you want to protect your company data while still empowering your users to work efficiently.

https://technet.microsoft.com/en-in/library/jj585026.aspx

How do we enable it on the Office 365 Portal?

https://technet.microsoft.com/en-us/library/jj658941.aspx

Going a little deep and you can create and manage custom templates in the Azure Management Portal. You can do this directly from the Azure Management portal, or you can sign in to the Office 365 admin center, and choose the advanced features for Rights Management, which then redirects you to the Azure Management portal.

More about the Advance Feature for Rights Management: https://technet.microsoft.com/en-in/library/dn642472.aspx

But I am not here to talk about the advanced feature here. But more of when we decide that we want to go ahead and try this out and we end up with an error.

No Subscriptions Found when we click on the Advanced Feature button on the Rights Management Page

When we click on the advanced features button on the rights management page (Figure 1) we get a message like the one in Figure 2.

Figure 1

clip_image002

Figure 2.

clip_image002[4]

So what happened here?

I am logged onto the office365 with kaustubh@kausd.onmicrosoft.com . So the tenant here is kausd.onmicrosoft.com.

Office 365 account: kaustubh@kausd.onmicrosoft.com

What is a Tenant?

We as cloud users would often hear the term “tenant” a lot. As per oxford tenant would mean: a person who occupies land or property rented from a landlord.

Same way in office 365 it means your own space and in general it is denoted by .onmicrosoft.com.

So if one company has an office 365 name space abc@domain.onmicrosoft.com then no other company can use the same name space.

Now when I click on the advanced features button it takes us tohttps://account.activedirectory.windowsazure.com/.

This page would land us on Azure Management portal once it verifies that we have a subscription associated with my account with which I am logged in on office 365.

For example, Azure Space will look if my account Kaustubh.kausd.onmicrosoft.com has a subscriptions associated with it, if found it will check if my account is a Service administrator or a co-administrator.

In case it does not find that my account satisfies any of the conditions mentioned above it will throw a message like the one in Figure 2.

What is Microsoft Azure?

What is Azure? In short, it’s Microsoft’s cloud platform: a growing collection of integrated services—compute, storage, data, networking, and app—that help you move faster, do more, and save money. But that’s just scratching the surface.

https://azure.microsoft.com/en-us/overview/what-is-azure/

In case if any one of them is not true we will get message we saw in figure 2.

Now let’s look at how to resolve this kind of issue.

Scenario 1:

Some of the users are confused if they have or don’t have an Azure Account.

So let’s check that by visiting https://manage.windowsazure.com and see if we can login here or not.

Login with the same account the account as of office365. At this point you will be logged of from Office365 if the login to the Azure Portal Succeeds.

Under setting section look if he we have the subscription associated with the Directory that you intend to use (Figure 3). In my case it would be kausd.onmicrosoft.com.

Now in starting I could never logon to the Azure portal with the Kaustubh@kausd.onmicrosoft.com because of the reason that kausd.onmicrosoft.com was not associated with any subscription.

I have multiple directories (Figure 3) and the default directory was the one that had the subscription associated with it. So I had to first login to the portal as a global administrator (Figure 4) where the account used is kausd@outlook.com.

Figure 3

image

Figure 4

image

kausd@outlook.com was the account through which I first signed up for my Azure Account.

Under setting section and click edit directory (Figure 5) and (Figure 6).

Figure 5

image

Figure 6

image

NOTE: For this change you have to be a Global Administrator.  Once you associate the directory you need to make Kaustubh@kausd.onmicrosoft.com either a service administrator or a co-administrator.

For this we need to go to the Active Directory section select the Directory you (kaustubh@kausd.onmicrosoft.com) belong to.

clip_image012

Under users tab look for the account and once you expand that you would see a section where a role can be assigned (Figure 7). Again I have to be a global administrator for this.

Figure 7

image

Here I have made Kaustubh@kausd.onmicrosoft.com as the service administrator.

Once done with these steps we should be done.

Scenario 2:

In case we don’t have an Azure Subscription then we can always sign up for a trial.

We need to click on sign up for Windows Azure and then we can proceed with procedure in Scenario 1.

I hope you find the above given information helpful and useful. Welcome to the Microsoft Rights Management world.

Author:

Kaustubh Dwivedi
Microsoft Security Support Engineer

Reviewer:

NITIN SINGH
Microsoft Security Support Escalation Engineer