Provide a name for the access template such as, "Deny - Modify Azure License"
Click Add, select 'Only the following classes' and check off 'EDS-Azure-User', click Next.
Select 'Object property access', check off 'Deny permission', check off 'Write properties', click Next.
Select 'The following properties' and check off 'Show all possible properties', check off 'edsaAzureSubscribedSkus', click Finish.
Repeat the same steps for the class 'User'
it should be listed the permission as 'Deny, Write edsaAzureSubscribedSkus, User' and 'EDS-Azure-User', click Next.
Once the Access Template is created, it can be assigned to the appropriate scope and users/groups to deny access to the 'License from Azure Properties' for hybrid user accounts.
If the same is required for cloud-only users, assign it as well at the container Configuration from the Active Roles MMC.
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center