How to skip OrchestrationStep related to MFA (ClaimsExchange) if current session is already active
We have a CombinedSignInAndSignup step that displays a login prompt if the session is not active. This step is followed by a ClaimsExchange, which handles phone SMS or call authentication. When there is an active session (whether ‘Keep me signed in’ is…
JWT ID token using different jwks uri which has appid parameter
JWT ID token generated in this Azure AD Application is using keys from "jwks_uri": "https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id}" rather than using the keys from this link…
Entra ID patch sending Add instead of Replace
I'm working on setting up SCIM provisioning. I got creates to work and am now running into issues with updating users. Specifically, some fields are sending Add instead of Replace for the values. In this example below, I sent the create request with an…
Azure Container Apps - built-in OIDC for SPA?
From Azure Container Apps Docs, it claims to support codeless authentication for apps through configuration (easy auth). I deployed 2 apps to ACA, one Angular SPA, one API used by SPA, both without any code to support authentication as I want to utilize…
Entra Connect cloud sync (Entra ID -> AD sync)
Dear all, I am trying to do cloud synchronization from Entra ID to Active Directory via the Entra website. However, this is not working. In the opposite direction it does (AD -> Entra ID). Does anyone have any idea how I can solve this? I can press the…
Application proxy: different on-premises and cloud identities
Hello, perhaps someone can give examples of what you mean by these settings? Unfortunately I didn't find…
Use certificate/FIC for Azure Data Explorer service connector on ADO
Hi team, our current Azure Data Explorer service connector uses a service principal key and secrets to authenticate. However, in response to a security incident we're solving, we need to convert the service connector to use SNI and certificates for…
Change mfa method option
I have used this document to create sign in with MFA method choice. https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-email-or-phone Once user selects the mfa method, I'm persisting it in extension_mfaByPhoneOrEmail attribute. When user…
How to create/delete a user via API using grant type client_credentials
We are able to create token but unable to create and delete user. { "error": { "code": "AuthorizationFailed", "message": "The client 'f04c77f3-530e-416d-a165-42304fb90583' with object id…
Azure B2C "Password does not match" error bad behaviour
We have developed a project with Azure B2C, and by testing we have detected that when registering, when the passwords do not match, the browser does not scroll up directly to show you the error message; it remains at the bottom of the page screen, with other…
Proxy.pac for Internet access profile
I'm trying GSA and I have a question about how to handle exceptions in the Internet access profile. How can I set exceptions in the Internet access profile like in proxy.pac?
AAD Sync errors 8344 on export for a small number of accounts
Good morning hive mind! I am struggling to find what is causing error 8344 on just 8 accounts on Export sync with AAD. I am getting error 8344 "Insufficient access rights to perform the operation". We have enabled inheritance on the MSOL account,…
Azure AD B2C Login returns 400 after long idle time (with no error shown on UI)
After keeping the Azure B2C login screen idle for the whole night (put to sleep), and then logging in with the same login page the next morning, it returns 400 bad request, silently failing without showing any errors on the UI. The same issue is…
Azure Single Sign On with SAML - IDX10214: Audience validation failed issue
Hello, I have a sample application that is trying to facilitate single sign on using SAML and I am able to authenticate the user, but when I am getting the SAML response back from Azure, I am facing the below error: IDX10214: Audience validation failed.…
Exporting query output report to CSV
I have executed the query below and it worked, and I want to export the report to CSV. What parameters should I add? 'az graph query -q "Resources | where type =~ ''Microsoft.Compute/virtualMachines'' | project name, properties.storageProfile.osDisk.osType…
Network Security Group Settings When Using Microsoft Entra ID SSO
Hi, when I access Snowflake in a VNET from a VM and sign in with Azure Entra ID SSO, what do I need to set in the Network Security Group? I think I need to set an NSG allow list for Entra ID, but I can't find it. And I set the NSG Entra ID service tag but no…
Authorization problem when retrieving personal OneDrive photos with PowerShell and the Microsoft Graph API
Hello, I am trying to bulk-extract URL links of photos located in my personal OneDrive using PowerShell and the Microsoft Graph API. I created an Azure account and an application called "PowerShell Graph API OneDrive…
Tenant and Subscription migration
Afternoon to all, I'm hoping I can get some advice and read points on the following. I'll try and be concise and include all relevant details, but if you have questions about each environment, then let me know. We are a smallish company of about 50 employees,…
How do I configure IP Restriction in Entra P1
We set up Entra P1 and activated an IP restriction on one user as a test. The user reports they can still access Outlook email on their phone even though it’s not the whitelisted IP address - any other configuration to do? I also checked my home PC…
Conditional access policy in reporting mode shows unknownFutureValue
Hi There, I have a conditional access policy configured in report-only mode to enforce MFA for device registration. The report-only data shows no hits for report-only success or interrupted state; rather it shows some hits with status as…