Setting up Entra ID sign-in for Azure B2C with custom policy, wrong openid-configuration URL
Hello, I followed the guide setting up Entra ID as a sign-in method for Azure B2C. I have successfully tested the custom policy and the correct claims are showing on jwt.ms. However, when I use MSAL React to make a request on Azure Functions, the web…
After Security Defaults are enabled after 14 days, how long until users are prompted for MFA
Hi, We were prompted during Microsoft SSO that the Security Defaults for our tenant will be enabled. As we are still prepping to roll out MFA for users, I am curious on how quickly the users will be prompted to register for MFA? Ideally, we…
The export sync cycle was showing a Stopped server error
Hi All, We observed Microsoft Entra ID sync with the status last sync less than 3.5 hours, while troubleshooting on the server, the synchronization service Tool was not responding properly, also when tried the command: Get-ADSyncSchedular on…
What role will I have when I migrate a subscription to a new Tenant/Directory?
Hi All, Starting in September 2024 Classic Admins will be removed. I am wondering what is going to happen when I do a migration (directory change) of a subscription from one tenant to another. Usually the user who does the "Change Directory"…
AZUREADSSOACC Key Rollover no longer works using Hybrid Identity Administrator creds
Hi I use a PowerShell script in an Azure Hybrid Worker Runbook to automate the rollover of the Kerberos decryption key for the AZUREADSSOACC computer account. It uses a service account in Entra ID which is assigned the Hybrid Identity Administrator…
Adding Token Based Azure EntraID Authentication to GraphQL APIs created on .NET7
I have a set of GraphQL APIs created on .NET7. I want to authenticate the APIs using Azure Entra ID User/App Access Tokens. Is it possible to achieve the same out of the box, else kindly suggest a workaround.
Moving users across on-prem
Please help!!!! We have 3 on-prem domains abc.com.au 123.com and cab.com. They all sync back to single azure ad tenancy and gets assigned same domain for their email address (cab.com). I am trying to move selected users from the first 2 domains to the…
Warning event logs for the Azure AD application proxy connector
**Question is related to the Azure AD application proxy connector.** Hi All, We have seen there are warnings, want to know any action needs to be done from Application proxy end or it will resolve automatically, or…
Problem with Exchange Server 2016 Hybrid Configuration (Teams Rooms Mailbox)
Good day, After setting up Exchange Hybrid (Classic Mode), the O365 mailboxes are not displayed in onPrem Exchange. Mails cannot be sent from onPrem to O365 either. In O365, the onPrem mailboxes are visible and mails can also be sent from O365 to…
Is Azure MFA server same as NPS with Azure?
Hi, I read about a news here https://azure.microsoft.com/en-us/updates/azure-multifactor-authentication-server-will-be-deprecated-30-september-2024/ that Azure MFA is shutting down on September 2024 and we should migrate to Microsoft Entra. However, I'm…
How to add Custom user attributes to user's property in Azure AD (Microsoft Entra ID)
I have created the attribute from the "Custom user attributes" screen in Entra ID. Now I want to display that attribute in the user's properties. Please show me the steps to set that custom attribute to display in the user's properties. Thanks
Possible to limit SharePoint API/ Graph API access to a specific Sharepoint List?
Hi, Currently working at a project for a client where we need to develop an API that connects and syncs items to and from one of their SharePoint lists. The client's concern is that our API will be able to access all contents on their SharePoint…
My Microsoft Account got Hacked with Minecraft on it
So today I wanted to play Minecraft when I want to log in it appears to me to connect I put in the correct email and it says that the account was not found with this username but I have emails from Microsoft and I also have the email where does it appear…
How to extract an Active User Listing with identifier columns for "Groups/UserGroups" & "License Type"?
Hi Team, I've been going back and forth between the Admin and Entra Portals. I am trying to extract a comprehensive Active User listing for my organization with an indicator of the following: Full Name User Email Group/UserGroup Department License…
Improper permissions for Azure ad connect sync?
So we have our azure ad synced with our on prem. We have an issue where our sync agent service stops. We have had this multiple times. I noticed that the "Log On As" is listed as "ourdomain\adconnectuser" instead of NT Service\System …
How to restrict user access to a specific device
Is there a way to allow a specific user just to login on a given device? Any other login tries should be blocked.
Azure App registration Client secret expiration
I'm using Azure AD B2C to handle the authentication in some Azure Functions. I've been using the client secret approach (as explained in the documentation) to configure the Azure App. However the client secret has an expiration date (maximum of 2 years,…
Unable to Access Windows Server 2019 Datacenter Using Azure Active Directory User
I am facing an issue while attempting to access a Windows Server 2019 Datacenter instance using an Azure Active Directory (Azure AD) user. Despite configuring various settings on the server, I encounter an error stating "the username or password is…
Why would I get different lists of users when I use OR in a dynamic group rule versus using two separate rules?
I am trying to build a dynamic group based on the existence of an Office 365 Exchange Plan 1 or 2 associated with my users. I am using the following syntax in my rule. (user.assignedPlans -any (assignedPlan.servicePlanId -eq…