Received error while deploying Bicep. Error: "The role assignment request schedule is invalid. (InvalidRoleAssignmentRequestSchedule)"
Hi Team, I'm currently utilizing Bicep to enable Azure AD Privileged Identity Management (PIM) with a custom role. I've created an AD Group and assigned a Custom Role to it, which includes the following actions: "Microsoft.Authorization//read",…
Is a P1/P2 Entra ID license per user or per tenant?
I am reading various articles about Microsoft cloud security features. Many of them list having a Entra ID P1 / P2 license as a prerequisite. But I am unclear on exactly what that means. On the Azure portal, the "All Services > Licenses"…
Azure Data Studio: adding Entra ID user account fails with "Error: read ECONNRESET"
Hello, we are facing the situation in our organization that some users (on specific laptops) have problems to add their personal Entra ID user accounts (formally Azure Active Directory) in Azure Data Studio. We tried Code Grant authentication as well…
Workday/Entra ID - Soft delete users without the "Delete" action selected?
We currently have Workday to Entra ID user provisioning enabled with the "Create" and "Update" actions allowed and "Delete" is not enabled. I'm wondering if anyone is able to clarify whether the integration is able to soft…
I created and verified my company in partner center but have been told that I did it in a b2c tenant and partner center isn't supported there.
I have raised 4 tickets related to this over almost 3 months. I'm told I need to convert the b2c tenant to a Entra ID Tenant. I have a MAPS subscription and am unable to get the license to work for the Entra ID - and my support plan does not work…
Rate limits for Microsoft Entra Id Apis
Hello Team, Could you please let us know the rate limits for the below Microsoft Entra Id Apis. Audit-Log: https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0 User-Info :…
User logout from all devices after change/forgot password is not working.
Hi, we are trying to logout user from all the devices after change/forgot password. We are using custom policy for it. We started with this documentation: https://github.com/azure-ad-b2c/samples/tree/master/policies/revoke-sso-sessions And using…
The client 'abc' with object id 'XXXXXXXXXXXXXXXXXX' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourceGroups/read' over scope '/subscriptions/'XXXXXXXXXXXXXXXXXX'/resourceGroups/XXXX-014-aks-rg' or the scope is in
I got into a situation where I need to access AKS cluster ,so I have added below required permission by adding myself to the group and given necessary permission but getting below error ERROR :The client 'abc' with object id 'XXXXXXXXXXXXXXXXXX' does not…
On Prem AD to Azure AD Sync
Hi guys, i have recovered an On-Prem DC from backup that had AAD sync, however users who were created in the last 6 month are missing, but they do appear on the Azure AD. I have re-created the last 6 months users on the On-Prem AD, now i want to sync…
Hi, I need to migrate/move my Entra Domain Services to new Subscriptions.
Hello, I need to migrate/move my Entra Domain Services to new subscriptions. What could be the possible steps and also any documentations would be greatly appreciated. Thank you! Kind Regards, Majid.
Entra ID as SP for SAML SSO
Hello I am trying to set up Entra ID SSO using SAML. All the i can find is how to set it up as a Idp but i am using Entra ID as SP using SAML. Has anyone used EntraID as SP using SAML? Can you please help
Creating a naming convention for local user profile name when singing in with a M365 user
Hello, as far as I'm aware, the name used for the local user profile when logging in to an Entra ID joined device for the first time is the first 20 letters of the M365 display name with special characters and spaces removed. We would like to keep the…
Can we add an On-premise AD Group as Owner of an Azure AD Group?
Can we add an On-premise AD Group as Owner of an Azure AD Group?
AD B2C Microsoft Graph to send verification code to email
Hi, I would like to know if there is possibility to send verification code to email using Microsoft graph. Basically, I want to do everything in MS Graph ie. signing up, signing in, send verification code, SMS, MFA and social media sign up and sign in.
ASP.NET Core web app with Microsoft SSO via Azure Microsoft Entra ID and not manage secrets - is it possible?
In the Azure Portal, I create a resource Microsoft Entra ID and then add an app registration. In the app registration I can specify redirect URIs for Microsoft logins (SSO) via "Authentication" for my .NET web app: Authentication button on side…
How to redirect external user sign in attempt to initial sign in page instead of error page?
Sign in with Microsoft added to our app through our Entra ID. It works only for our tenant users, which is okay. But when external accounts outside our tenant attempt to sign in, a Microsoft error page shows up with sensitive info of our tenant…
Changing Entra Domain Services SKU from Standard to Enterprise
I am attempting to upgrade the SKU for my Entra Domain Service from standard to enterprise. The documentation says that this change should take only a few minutes. After several hours (13) it is still stuck on saving SKU. Does anyone have any suggestions…
How to access subscription after deleting all owner permissions
Hi, I accidentially deleted all Owner permissions for my MDN test subscription. Now I can no longer: Assign or list permissions in IAM Manage any resources Create a support ticket or buy paid support How can I get access to my subscription back?
How to diagnose "'AADB2C90289: We encountered an 'invalid_client' error connecting to the identity provider."
We have a Blazor application hosted in Azure which uses Microsoft Identity to authenticate the user. This has worked without incident for several years. As of last Friday night, any user trying to log into the system receives the following error after…