B2C prompt=login not working as expected
We are noticing an odd behavior with the prompt=login option using B2C custom policies and could use some help from this support forum. My requirement is to force re-auth for the following use case: “Sign in as a different user” or “Hi John Doe! Not you?…
Unable to upgrade to Entra ID P2 Tier from my Azure Free Account.
Hello There, I am currently studying for my AZ-104 exam. So I had a free Azure account registered with an email id, say user1@outlook.com. I was accessing it for a month until I wanted to create & manage tenants and explore Entra ID. Now, I…
Unable to Sync accounts using API-driven Provisioning to on-prem AD - HybridSynchronizationActiveDirectoryProviderNotFound
I am trying to deploy an API-Driven Provisioning to on-premises AD so that using a PowerShell script I can extract user information from a Third-Party DBMS, convert it to SCIM format and then send it to Azure AD API-Driven provisions for logging and…
Use certificate/FIC for Azure Data Explorer service connector on ADO
Hi team, our current azure data explorer service connector uses service principal key and secrets to authenticate. However, in response to a security incident we're solving, we need to convert the service connector to use SNI and certificates for…
How to clean up "Sign-in with your passkey" options
Hello, I have enabled FIDO2 as sign-in method and enforced it with CA policies for a pilot group. One of the users is seeing his phone as device with a saved passkey. Where did this option come from and how to disable it? The desired option is ONLY…
We have a password expiration policy set in Entra ID that forces users to change password every 90 days, but we have a subset of users with expired passwords that are not being prompted to update.
It seems that there is some commonality in the successful authentications which is that they are signing into application title: Apple Internet Accounts per sign in logs. Client app is Mobile Apps and Desktop Clients in same log. Curious if there is…
FIDO2 NFC Security key vs Android phone
Hello, I have configured FIDO2 as the only sign-in method for my tenant. It is also enforced through CA policies as phishing resistant MFA. Our FIDO2 keys are NFC compatible. The NFC experience from an iPhone is similar to the browser and works great:…
We wanted to do SAML authentication with Azure, so essentially Azure will be the Service Provider and RSA will be the Identity Provider. I need help with integrating the SAML authentication.
We wanted to do SAML authentication with Azure, so essentially Azure will be the Service Provider and RSA will be the Identity Provider. I need help with integrating the SAML authentication.
How to provide app permission consent to use Microsoft Graph APIs and Azure cost management APIs all read access? Also, which role is required to provide consent with least privileges?
How to provide app permission consent to use Microsoft Graph APIs and Azure cost management APIs all read access? Which role is required to provide consent with least privileges? I know we can provide the admin consent using Global Administrator, but is…
Why are conditional access policies not applied when trying to sign in to an app in app registration in Azure?
I am integrating Azure AD and ISE 3.2 patch 5 version. Using azure credentials authentication and authorization was successful from ISE user was identified by their group. (Here when user is connected to SSID using azure login credential user will be…
How to Authenticate Scan to email mailbox
Our organization is trying to have all mailboxes set up with MFA so we can turn off legacy. The issue is that we have scan-to-email function set up through a UserMailbox, so if we convert this to a SharedMailbox, users will no longer be able to use it for…
Hi, I need to migrate/move my Entra Domain Services to new Subscriptions.
Hello, I need to migrate/move my Entra Domain Services to new subscriptions. What could be the possible steps? Also, any documentation would be greatly appreciated. Thank you! Kind Regards, Majid.
Microsoft Entra SSO integration with FortiGate SSL VPN connectivity issue
Scenario: Microsoft Entra SSO integration with FortiGate SSL VPN. I am unable to connect via FortiClient vpn version 7.2.x.x. But when I use FortiClient vpn client version 7.0.x.x.x to connect SSL VPN via Azure ID with SAML Authentication. its connect in…
M365 hosting Tenant A and Azure AD for AAD Device on Tenant B and On prem
I have a scenario where "M365 is hosted on Tenant A with domain.com" and Azure AD for AAD Joined devices on "Tenant B with onmicrosoft.com" and on premises with "Domain.local". Problem: User needs to log in using different…
FIDO2 NFC Security key vs Android phone
Hello, I have FIDO2 enabled and enforced for a pilot group through Sign-in method policies in Entra and CA policies. We are using NFC compatible FIDO2 security keys. For iPhone users - NFC works great and is similar to a PC experience: Choose security…
Hybrid Azure AD Join with Autopilot - Need clarification
I set up an Autopilot with Hybrid AAD join profile along with the Domain Join configuration profile. I follow these steps to get signed initially: From the initial Windows 10 screen, I Shift + F10 and open command prompt Switch to powershell,…
Is a P1/P2 Entra ID license per user or per tenant?
I am reading various articles about Microsoft cloud security features. Many of them list having an Entra ID P1 / P2 license as a prerequisite. But I am unclear on exactly what that means. On the Azure portal, the "All Services > Licenses"…
Unable to update the specified properties for on-premises mastered Directory Sync objects
Environment: Hybrid with an older Exchange 2010 server. AD server 2019 running AZURE AD CONNECT (latest version as of March 2022) I've been adding new employees by creating a new account in AD and syncing with AZURE. No problems there. …
AD B2C Microsoft Graph to send verification code to email
Hi, I would like to know if there is possibility to send verification code to email using Microsoft graph. Basically, I want to do everything in MS Graph ie. signing up, signing in, send verification code, SMS, MFA and social media sign up and sign in.
How to diagnose "'AADB2C90289: We encountered an 'invalid_client' error connecting to the identity provider."
We have a Blazor application hosted in Azure which uses Microsoft Identity to authenticate the user. This has worked without incident for several years. As of last Friday night, any user trying to log into the system receives the following error after…