The client 'abc' with object id 'XXXXXXXXXXXXXXXXXX' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourceGroups/read' over scope '/subscriptions/'XXXXXXXXXXXXXXXXXX'/resourceGroups/XXXX-014-aks-rg' or the scope is in
I got into a situation where I need to access AKS cluster, so I have added below required permission by adding myself to the group and given necessary permission but getting below error ERROR: The client 'abc' with object id 'XXXXXXXXXXXXXXXXXX' does not…
AD B2C Microsoft Graph to send verification code to email
Hi, I would like to know if there is a possibility to send a verification code to email using Microsoft Graph. Basically, I want to do everything in MS Graph, i.e. signing up, signing in, send verification code, SMS, MFA and social media sign up and sign in.
Can we add an On-premise AD Group as Owner of an Azure AD Group?
Can we add an On-premise AD Group as Owner of an Azure AD Group?
Changing Entra Domain Services SKU from Standard to Enterprise
I am attempting to upgrade the SKU for my Entra Domain Service from standard to enterprise. The documentation says that this change should take only a few minutes. After several hours (13) it is still stuck on saving SKU. Does anyone have any suggestions…
Received error while deploying Bicep. Error: "The role assignment request schedule is invalid. (InvalidRoleAssignmentRequestSchedule)"
Hi Team, I'm currently utilizing Bicep to enable Azure AD Privileged Identity Management (PIM) with a custom role. I've created an AD Group and assigned a Custom Role to it, which includes the following actions: "Microsoft.Authorization//read",…
How to access subscription after deleting all owner permissions
Hi, I accidentally deleted all Owner permissions for my MDN test subscription. Now I can no longer: assign or list permissions in IAM; manage any resources; create a support ticket or buy paid support. How can I get access to my subscription back?
How to diagnose "'AADB2C90289: We encountered an 'invalid_client' error connecting to the identity provider."
We have a Blazor application hosted in Azure which uses Microsoft Identity to authenticate the user. This has worked without incident for several years. As of last Friday night, any user trying to log into the system receives the following error after…
How do I send email from Linux machines to Microsoft 365 accounts with oauth2
I have been using app passwords successfully to authenticate users in Linux web applications and to send emails to users. A few days ago, this stopped working. SMTP Auth methods no longer work. My account settings show that Authenticated SMTP can access…
Azure B2C Session timeout is not working as expected on password reset page
I applied below session settings in password reset journey as well as default user journey. But the session is not getting expired if browser is left idle for more than 15 min (Even tried after 2 hours). Session is only getting timeout after refreshing…
Effects of turning off Security Defaults
We turned on Azure AD Security Defaults about a week ago but now need to turn it off and configure conditional access policies for MFA. About half of our accounts have registered for MFA authentication. Will our already registered accounts need to…
How to connect to Azure Storage account via OAuth2.0 from Azure APIM?
Step 1: Created an application in Microsoft Entra ID under "App registrations". Step 2: Recorded the following details: Client ID, Client secret, Access token URL. Step 3: For the Storage Account, added a role assignment and grant access to the…
UPN changing when adding external user to BI workspace
Hi all - I am company admin. I have an external user added with a guest account in our Azure tenant. What is happening is when I search for the user in Power BI workspace - to give them access - they appear with the correct synchronised UPN for example:…
Joining a VM to Microsoft Entra ID Tenant
Hello everyone, I recently set up an Entra ID tenant, which currently uses the default .onmicrosoft.com primary domain. For the purpose of this discussion, let’s refer to it as XYZ.onmicrosoft.com. Now, I’d like to join a virtual machine (VM) to this…
How do we find the orphaned managed identities which are not assigned to any azure service
From a list of managed identities present in Azure subscription for my account, how can I identify the managed identities which are created but do not have any roles or resources attached to them. I want to find the list of all the managed identities…
Rate limits for Microsoft Entra ID APIs
Hello Team, Could you please let us know the rate limits for the below Microsoft Entra ID APIs. Audit-Log: https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0 User-Info :…
Enabling SSSO through AADC is not working.
I'm having trouble setting up seamless SSO in our hybrid environment. I'm trying to do pass-through AAD authentication, not AD FS: all of our clients are WIN10 and above; all of our devices are synced to Azure; port 9090 is not blocked; AADC is the…
Can I configure HR-driven provisioning via a created enterprise application?
Hi, we've been trying to configure HR driven provisioning to Microsoft Entra ID. I know that there are existing connectors for Workday and SuccessFactors provided by Microsoft. I'm also aware of the API-driven inbound provisioning. What I mainly want to…
Why is EAC and On-Prem AD showing different information?
Hi All, We have an issue whereby a user's contact information, specifically their mobile number and job title, isn't syncing properly between On-Prem AD as well as Exchange Admin Centre. We have removed the user's personal mobile number from AD and…
Adb2c password reset custom policy -Reset password using username
Hi, I am working on Adb2c custom policies and am stuck in the password reset policy where I need to reset the password using a username instead of the email address. The below screenshot is for User flows where it is provided that we can create a reset…
Function App error : No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId.
I have followed this tutorial https://review.learn.microsoft.com/en-us/identity/microsoft-identity-platform/federated-identity-credentials?branch=main&tabs=dotnet#more-resources and added the user assigned managed identity as federated identity…