Getting AADSTS501204 Malformed jwt error while logging into Microsoft apps. How to resolve this?
I have changed the password for my company account. Since then I am facing a malformed jwt error when I try to log in to Microsoft apps. I am able to log in to Microsoft apps through the browser with the new password but unable to log in through installed apps. It is…
We encountered an 'invalid_grant' error connecting to the identity provider. Please try again later
Category: Azure AD B2C. We have added federated login (Sign in with Google) to our application. The Google IDP is working well for users with the @gmail domain, but for some of the non-Gmail users we are getting the below error. "We encountered an…
Microsoft Entra Id - Sign In Log API
Hello Team, We could see there are four types of Sign-in logs as per https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins?source=recommendations#what-are-the-types-of-sign-in-logs. Does the Sign-in API return all these type…
Restrict Microsoft Graph API permission
Hello, one of the applications in the tenant needs permissions to the Graph API AppRoleAssignment.ReadWrite.All with the Application type in order to automatically manage AppRoles assignment in the application. However, these permissions pose a high…
Microsoft 365 Defender - How to get more meaningful email alerting?
How can I get more meaningful email alerts using the Microsoft 365 Defender? Because every time I get the email alert, the email is not as informative like the below: Microsoft 365 Defender has detected a security threat in your environment View incident…
Why has my long-running 90-day inactive Guest Access Review suddenly started using non-interactive sign-in instead of interactive sign-in timestamps?
Hello, I have been running the above-mentioned access review for probably 2 years without major issues. Recently it seems that the reviews have switched to looking at non-interactive sign-ins as well as interactive sign-ins. There are really two issues…
Can I put the value of instanceDurationInDays in minutes for the QA while creating access reviews using PowerShell?
I am able to create Azure access reviews with Graph API 1.0 using PowerShell. Now, there is a property called instanceDurationInDays which should have an integer value. The access review will remain active for the number of days of the value of…
Using Azure AD as an identity provider in Keycloak-based applications: how can I add missing user data to my client applications?
Hello, I'm currently using Azure AD as my identity provider and Keycloak as my intermediary/broker for my client applications. However, I need some user attributes (such as phone, email, picture, and officeLocation) that aren't provisioned from Azure to…
AAD Sync errors 8344 on export for a small number of accounts
Good morning hive mind! I am struggling to find what is causing error 8344 on just 8 accounts on Export sync with AAD, getting error 8344 "Insufficient access rights to perform the operation". We have enabled inheritance on the MSOL account,…
Cannot register for Hardware Developer Program
I am trying to register for the Hardware Developer Program. I am logged into an account that is marked as Global Administrator when I check in Microsoft Entra admin centre ("Your Role: Global Administrator"). However I cannot progress through…
Connect-MgGraph : Invalid JWT access token. Connect-AzAccount : InteractiveBrowserCredential authentication failed
I need help and a solution to rectify the below error when executing the PowerShell Connect-* command. $TenantID = '22bb9241-65c8-45b4-94f9-7c151e154693' $AzSubscriptionID = 'd487514e-4317-447f-af79-5022d310f6bd' $paramConnectMgGraph = @{ Scopes =…
How to clear the account list in the Web Account Manager list of Accounts displayed by WAM Broker
I have a WPF desktop app that accesses an Azure WebAPI. It uses the MSAL library and when authenticating uses the WAM broker. When the list of accounts is displayed, there is an account of someone that used the computer once when I was logged on to the…
Authenticator App - can't remove greyed out account
Hello all, I'm stuck in a strange loop using the MS Authenticator App. I'm one of the admins at my school and I've registered my phone via https://account.activedirectory.windowsazure.com/securityInfo using the MS Authenticator App. I wanted to…
For Access Review in Entra ID, is there a way to configure email notification that the reviewer only gets one (1) email notifications for all the reviews pending instead of getting emails for all the users he/she has to review?
I want to configure email notification for Access Review so that reviewers will not be inundated with email notifications and might also miss some reviews because of the torrents of emails.
Cannot see linked subscription under new tenant
Hello everyone, From my main default directory, I created a new B2C tenant, and it was created successfully. My user account has global administrator rights under this new tenant. The new tenant is linked to my Pay-as-you-Go subscription, as shown in the…
Microsoft Entra Id - Provisioning Log API
Hello Team, Do provisioning logs contain only user provisioning, or do they also contain any other provisioning like group, resource, etc.? I could see only user provisioning logs even though we had created group provisioning. Group provisioning logs come…
Global Secure Access bypass (Internet and web filtering)
Hi, I understand in Global Secure Access "365" I can use a Conditional Access Policy to block access to 365 if not from "All Compliant Network locations" to prevent a user from pausing the Client. But if I want to use Global Secure…
How do I activate a free Entra ID P2 on my trial subscription
I am trying to go through the instructions here: https://learn.microsoft.com/en-us/training/modules/allow-users-reset-their-password/4-exercise-set-up-self-service-password-reset Go to Microsoft Entra ID > Password reset. Select Get a free Premium…
How to allow users to register for MFA from home without excluding them from location based conditional access policies
We have a requirement wherein, in a small number of cases, users (new starters or MFA issues) need to register for MFA from a remote location. We have a conditional access policy which restricts access to Azure cloud apps from outside the corporate office. We…
Problem with "exclude" user/target resource in conditional access policy
Hi, I have been trying to restrict 1 user to access only 1 app on Azure Entra ID, so I use the conditional access policy under the security tab. I have put the conditions as follows: user: userx@microsoft.com Target Resources: Include All cloud apps &…