Access denied to resources

Anonymous

Hi, I am new to my company and trying to gain access to our actual resources (VM). I get an access denied message.

πŸ‘ User's image

I am thinking I was not added to the proper group, but it's not something I can fix myself. Can you help?


Answer accepted by question author

Himanshu Shekhar 6,710 Reputation points • Microsoft External Staff • Moderator

@Dany Aubut

The root cause is that the signed-in account does not have an Azure RBAC role assigned on any subscription. While the user is successfully authenticated in the correct tenant, they are not associated with a subscription or granted RBAC permissions at the subscription or resource group scope. As a result, the Azure portal cannot enumerate virtual machines.

It is important to clarify that roles in Microsoft Entra ID (including Global Administrator) do not grant access to Azure resources such as VMs. Azure resource visibility and management are controlled exclusively through Azure RBAC.

The “Welcome to Azure / Don’t have a subscription?” screen appears when no subscriptions are visible to the signed-in user. The banner displaying a timestamp and correlation ID is a standard portal response that commonly appears when backend authorization fails due to missing permissions. This does not indicate that resources are deleted or unavailable.

To resolve this, a Subscription Owner or Contributor must:

  1. Open the correct Azure subscription
  2. Navigate to Access Control (IAM)
  3. Assign the user (or an associated security group) one of the following roles at the subscription or VM resource group scope:
     * Reader (view-only access)
     * Virtual Machine Contributor (VM management)
     * Contributor (full resource management)
  4. After role assignment, the user should sign out and back in or access the portal using an InPrivate/Incognito session to refresh permissions.

Microsoft Documentation

Azure RBAC Overview https://learn.microsoft.com/azure/role-based-access-control/overview

Built-in Azure Roles (Reader, Contributor, VM Contributor) https://learn.microsoft.com/azure/role-based-access-control/built-in-roles

Assign Azure Roles Using the Portal https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal

Why Global Admin Cannot See VMs (RBAC vs Entra Roles) https://stackoverflow.com/questions/74469277/virtual-machines-not-accessible-in-azure

If you have any further queries, let me know. If the information is helpful, please click on Upvote and Accept Answer on it.
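Added example, not part of either answer and not Microsoft's code: a small Python model of the check the answers describe, showing that only Azure RBAC assignments (direct or through a group, at the resource's scope or a parent scope) make a VM visible. The records are constructed and only shaped like `az role assignment list --all` output; every ID and name is a placeholder, and management-group inheritance and per-role actions are not modelled.

```python
# Constructed sample data; field names follow `az role assignment list` JSON.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"   # placeholder ID
RG = SUB + "/resourceGroups/rg-app"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm-web01"

ASSIGNMENTS = [
    {"principalId": "group-vm-operators",
     "roleDefinitionName": "Virtual Machine Contributor", "scope": RG},
    {"principalId": "user-alice", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalId": "user-bob", "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-other"},
]
# Entra ID directory roles (constructed). Kept only to show that they are
# never consulted when deciding access to Azure resources.
DIRECTORY_ROLES = {"user-carol": ["Global Administrator"]}
# Entra ID group memberships (constructed).
GROUPS = {"user-dave": ["group-vm-operators"]}


def scope_applies(assignment_scope, resource_id):
    """An assignment applies at its own scope and is inherited by child scopes."""
    a = assignment_scope.rstrip("/").lower()   # resource IDs are case-insensitive
    r = resource_id.rstrip("/").lower()
    # Require a path boundary so "rg-app" does not match "rg-app2".
    return r == a or r.startswith(a + "/")


def effective_roles(principal_id, resource_id,
                    assignments=ASSIGNMENTS, groups=GROUPS):
    """Return sorted (role, scope, via) tuples granting access to resource_id."""
    principals = {principal_id: "direct"}
    for group in groups.get(principal_id, []):
        principals[group] = "group " + group
    return sorted(
        (a["roleDefinitionName"], a["scope"], principals[a["principalId"]])
        for a in assignments
        if a["principalId"] in principals and scope_applies(a["scope"], resource_id)
    )


def can_see(principal_id, resource_id):
    return bool(effective_roles(principal_id, resource_id))


if __name__ == "__main__":
    for who in ("user-alice", "user-bob", "user-carol", "user-dave", "user-new"):
        print(who, effective_roles(who, VM) or "no Azure RBAC role: VM not listed")
```

Assigning the role to a group rather than to each user, as in the `user-dave` case, keeps access for new joiners a matter of group membership instead of a new assignment per person.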


1 additional answer

  1. Jose Benjamin Solis Nolasco 8,561 Reputation points • Volunteer Moderator

    Welcome to Microsoft Q&A

    Hello Dany Aubut, I hope you are doing well,

    You are absolutely correct in your assumption. This is a classic Role-Based Access Control (RBAC) issue, common for new employees.

    You successfully authenticated against the Azure AD tenant, which is why you can see the portal. However, you have zero RBAC assignments on any Azure Subscription. The "Welcome to Azure" screen is the default view for a user who has no read access to any subscriptions.

    You cannot grant yourself access. Your Azure Administrator (or team lead) must assign you an RBAC role.

    If I only need to look at the VMs: Assign 'Reader'.

    If I need to restart/manage them: Assign 'Virtual Machine Contributor'.

    • Please check if I need to be added to a specific Entra ID Group that grants these permissions."

    Where they should look: They need to go to the Subscription or Resource Group > Access control (IAM) > Add role assignment.

    😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!
