Saving the Identity token in the Aspnetusertokens table
Hi, I created an ASP.NET Core 6 project and I added the Identity framework for authentication and authorization. I would like to add token management, and while doing research I realized that Identity also manages the management of tokens because it…
PIM Start and End Dates not persistent
We're utilizing PIM with a Security Group in Entra. Users are direct members added individually with start and end dates. Initially all appears fine; however, for some users the end date defaults to 6 months or becomes permanent. When looking…
How to delete all Azure Active Directory or Microsoft Entra ID
Hello, I'm a newbie in Microsoft administration, so I got one test account related with my workplace and other accounts directly related with me. I don't need that account, so to avoid a dead end I want to delete it. Could you delete my Azure Active Directory…
Is there a limitation on Global Secure Access on how many users I can allow? We are thinking to use it as the main tunnel instead of FortiGate Firewall
Is there a limitation on Global Secure Access on how many users I can allow? We are thinking to use it as the main tunnel instead of FortiGate Firewall
Device keeps getting pop-up "Windows needs your current credentials" after login using WHFB PIN or biometric
We have enabled Windows Hello for Business in our environment. However, when a user logs in using Hello PIN or biometric, it gives the below pop-up. The user device is Azure AD joined and our identity is hybrid. We are using cloud Kerberos trust to enable WHFB. Any…
How to authenticate only Local and Guest users in Azure AD B2C and add custom claims in token?
Hello, I'm facing an issue in Azure AD B2C to authenticate only Local and Guest users. It is possible with just an application of a single tenant. But we need to add custom claims in the token, which is not possible at the application level. Let me…
What are the best options, ADMT or MIM Sync, for password synchronization in a live production environment?
Hi, I just want to know what will be the best to use, either ADMT or MIM Sync, for password synchronization in a live production environment with two different forest/tenants. And are there any security changes there?
How to populate TAP expiration date in lifecycle workflow email customization
I am looking to use lifecycle workflows to send a Temporary Access Pass to a manager upon hiring a new employee. However, the TAP expiration date/time isn't available as a custom email attribute. Therefore, I am creating a custom extension in order to…
Are there any security challenges associated with configuring MIM for password synchronization in live environment?
Hi, I just want to know if there are any security challenges involved in planning to configure MIM for password sync in a live production environment. In our case, we have two separate tenants: RemainCo and NewCo. We want to configure MIM sync on the…
Error creating an Asp.Net MVC project with Microsoft Identity
Using VS 2022, I created a sample Asp.Net MVC project with Microsoft Identity (.net 4.8) and toward the end of the setup it wanted to configure the Microsoft identity platform. This step fails with the following error message below: Errordotnet tool…
In Azure B2C custom policy, the Verified.strongAuthenticationPhoneNumber only gets saved to the Old Authentication Method Experience
I have a Microsoft Azure Custom Policy in the Identity Experience Framework that runs through the User's MFA experience. After the initial User Login, the User Flow next asks the User to set up their MFA if they have not yet done so. If the User select…
MFA Excluded accounts - still prompting for MFA registration
Hi Team, we have enabled MFA in our organisation and we have created a conditional access policy for the service accounts to exclude them from MFA. We have disabled MFA for those accounts under O365 admin > Active users > MFA. When we try to log in…
MIM/PAM installation problem
I'm currently in the process of setting up MIM/PAM according to the instructions. I keep running into the problem that something stated on the Microsoft website unfortunately doesn't work for…
Failed to create AzureadKerberos (Cloud Kerberos Trust)
We are trying to establish cloud Kerberos trust to enable WHFB in our environment. However, it is giving the below error. It gives the error at the command Set-AzureADKerberosServer. Any advice and suggestions will be highly appreciated. We have followed below…
Changing the Entra ID directory name in the "Properties"
Dear Microsoft Team. We've recently undergone a demerger and separated from our parent company. As part of the separation, we took over the M365 tenant. We created and are owning the DNS records of new domain. It is added into the…
How to tune Initial access incident to not trigger if there was no successful login
I am getting a significant amount of alerts from detection source AAD Identity Protection on my MS Defender Incident page, that are called "Initial access incident involving one user" and "Multi-stage incident involving Initial access…
Azure ADB2C callback url is giving bad request of redirect from OpenID connect
Hi, I have a single sign-on solution using Azure ADB2C. I use custom policies. We have different IDPs and one of them is Auth0. We are connecting to Auth0 using OpenID Connect, but it looks like we are having an issue in redirection after user…
Identity Protection-Risky Users error when attempting to dismiss user
Hello, I have a user in my Identity Protection>Risky Users that has been there for several months. This user was deleted a long time ago, and therefore I do not understand why this user is in the Risky user section? When I try to dismiss the user,…
Can we Enable Managed Identity in Multiple Containers In Azure App Service
We are currently leveraging a container registry for deploying code from Bitbucket to Azure app services within our infrastructure. In our pursuit to enhance our security measures, we are keen on enabling the system identity provider. However, we've…
Azure AD B2C - Claims transformation with 'StringSubstring'
Hi, we have a single-sign-on solution based on Azure AD B2C. We also have multiple IDPs integrated through custom policies. One of the IDPs is Auth0, and Auth0 has some other internal federations. When a user is trying to sign in through Auth0 (using…