Subscription vs tenant admin accounts in Service Health

In Azure Service Health, tenant-level and subscription-level access work differently. These differences determine which service health updates a user can see and who can view them. This article explains the access needed to use Azure Service Health.

Tenant admin account

When an organization signs up for Microsoft cloud services, Microsoft creates a secure space just for that organization. This space is called a tenant. It's where the organization manages its users, accounts, and access settings.

Some events or issues can affect the entire organization. These events are called tenant-level events, and the Azure Service Health portal shows them.

Tenant admin access means having special permissions to manage the organization's setup. People with these permissions, such as Global Administrator, Application Administrator, and others, can add or manage users, control access, and see organization-wide service health updates. Regular users don't see this information.

For more information about tenant-level roles, see Roles with tenant admin access.

To create a tenant account in Service Health, follow these steps:

  1. Sign in to the Azure portal: Go to the Azure portal and sign in with your credentials.
  2. Navigate to Microsoft Entra ID: From the Azure portal menu, select Microsoft Entra ID.
  3. Manage tenants: Navigate to Identity > Overview > Manage tenants.
  4. Create a new tenant: Select Create. On the Basics tab, choose the type of tenant you want to create, either Microsoft Entra ID or Microsoft Entra ID (B2C).
  5. Enter tenant details: On the Configuration tab, enter the following information:
    • Organization name: Enter the name of your organization (for example, Contoso Organization).
    • Initial domain name: Provide an initial domain name for your tenant (for example, Contosoorg).
    • Country/Region: Select your desired country or region from the dropdown menu, or leave the default option.
  6. Review and create: Select Next: Review + Create. Review the information you entered and, if everything is correct, select Create in the lower-left corner. Your new tenant account is created with the domain contoso.onmicrosoft.com (this account is a sample account). Once the tenant is created, you're the first user and are automatically assigned the Global Administrator role. You can then manage your tenant account and assign roles to other users as needed.

For more information:

| Scope | Access via Service Health portal | Access via API | Access via Azure Resource Graph (ARG) queries | Permissions required |
|---|---|---|---|---|
| Tenant | Yes | Yes | No | Tenant admin role; see Roles with tenant admin access. |
| Subscription | Yes | Yes | Yes | Subscription reader role or equivalent. |

Subscription account

A subscription is an agreement with Microsoft to use one or more cloud services, where each subscription is associated with a tenant. Subscriptions are used to manage and organize resources in Azure. Subscription-level events are specific to the resources within that subscription, and users with the appropriate permissions can view them.

In Azure Service Health, subscription access allows users to view and manage various aspects of service health notifications and alerts. Here are some key points about what subscription access includes:

Viewing Service Health Events

  • Users with subscription access can view service health events such as service issues, planned maintenance, health advisories, and security advisories. These events are specific to the resources within the subscription.

Creating Service Health Alerts

  • Users can create Service Health alerts to receive notifications about Service Health events. The permissions required to create these alerts are similar to those for Azure Activity Logs.

Role-Based Access Control (RBAC)

Filtering and Sorting Events

  • In the Service Health portal, users can filter and sort events by subscription scope. These filters allow them to see service issues, health advisories, security advisories, and health history at the subscription level. See Azure Service Health Portal.

Access to Specific Endpoints

  • There are specific endpoints for accessing detailed information about service health events. For example, the events/{trackingId}/fetchEventDetails endpoint provides detailed properties of a particular event, including sensitive information for security advisory events.

In the Service Health portal, you can filter and sort events by tenant or subscription scope. These filters allow you to see service issues, health advisories, security advisories, and health history at both the tenant and subscription levels.

For more information, refer to Resource impact from Azure security advisories.

Note

  • You can't see tenant-level events within subscription scope on the UI.
  • You can't see subscription-level events at tenant scope. Events published on Azure Service Health are mutually exclusive in view scope.
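
The scope split described above also shows up in event resource IDs and in the fetchEventDetails call. The following Python is an added example, not code from the original article or from Microsoft: it classifies event records by scope and builds the matching detail request for security advisories. The ARM host, the `api-version` value, the record shape, and all function names are assumptions; the sample records are constructed.

```python
import re

ARM = "https://management.azure.com"   # public-cloud ARM host (assumption)
API_VERSION = "2022-10-01"             # assumed Microsoft.ResourceHealth API version

# Tenant-scope event IDs have no /subscriptions/{id} prefix (assumed ID shape).
_EVENT_ID = re.compile(
    r"(?:/subscriptions/(?P<sub>[0-9a-f-]{36}))?"
    r"/providers/Microsoft\.ResourceHealth/events/(?P<tracking>[A-Za-z0-9_-]+)",
    re.IGNORECASE)

SUB = "00000000-0000-0000-0000-000000000001"   # constructed subscription ID
SAMPLE = [  # constructed records shaped like an events list response
    {"id": f"/subscriptions/{SUB}/providers/Microsoft.ResourceHealth/events/AAAA-111",
     "properties": {"eventType": "SecurityAdvisory"}},
    {"id": "/providers/Microsoft.ResourceHealth/events/BBBB-222",
     "properties": {"eventType": "SecurityAdvisory"}},
    {"id": f"/subscriptions/{SUB}/providers/Microsoft.ResourceHealth/events/CCCC-333",
     "properties": {"eventType": "PlannedMaintenance"}},
]

def classify(event):
    """Return (scope, subscription_id, tracking_id); reject IDs that don't parse."""
    m = _EVENT_ID.fullmatch(event["id"])
    if not m:
        raise ValueError(f"unexpected event id: {event['id']!r}")
    sub = m.group("sub")
    return ("subscription" if sub else "tenant", sub, m.group("tracking"))

def detail_request(event):
    """Build the fetchEventDetails call at the scope the event was published in."""
    scope, sub, tracking = classify(event)
    prefix = f"/subscriptions/{sub}" if sub else ""
    url = (f"{ARM}{prefix}/providers/Microsoft.ResourceHealth/events/"
           f"{tracking}/fetchEventDetails?api-version={API_VERSION}")
    return {"method": "POST", "url": url, "scope": scope}

def plan(events):
    """List detail calls for security advisories, one per event, tagged by scope."""
    out = []
    for ev in events:
        if ev["properties"]["eventType"] != "SecurityAdvisory":
            continue
        req = detail_request(ev)
        # Per the access table: ARG queries work at subscription scope only.
        req["arg_queryable"] = req["scope"] == "subscription"
        out.append(req)
    return out
```

Because the two scopes are mutually exclusive, a caller that holds only one kind of access will see only its own half of this plan succeed.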