How to provide app permission consent to use Microsoft Graph APIs and Azure cost management APIs all read access? Also, which role is required to provide consent with least privileges?
How to provide app permission consent to use Microsoft Graph APIs and Azure cost management APIs all read access? Which role is required to provide consent with least privileges? I know we can provide the admin consent using Global Administrator, but is…
Why are conditional access policies not applied when trying to sign in to an app in app registration in Azure?
I am integrating Azure AD and ISE 3.2 patch 5 version. Using Azure credentials, authentication and authorization was successful from ISE; user was identified by their group. (Here when user is connected to SSID using Azure login credential user will be…
How to Authenticate Scan to email mailbox
Our organization is trying to have all mailboxes set up with MFA so we can turn off legacy. The issue is that we have scan-to-email function set up through a UserMailbox, so if we convert this to a SharedMailbox, users will no longer be able to use it for…
Hi, I need to migrate/move my Entra Domain Services to new Subscriptions.
Hello, I need to migrate/move my Entra Domain Services to new subscriptions. What could be the possible steps? Any documentation would also be greatly appreciated. Thank you! Kind Regards, Majid.
Microsoft Entra SSO integration with FortiGate SSL VPN connectivity issue
Scenario: Microsoft Entra SSO integration with FortiGate SSL VPN. I am unable to connect via FortiClient VPN version 7.2.x.x. But when I use FortiClient VPN client version 7.0.x.x.x to connect SSL VPN via Azure ID with SAML Authentication. its connect in…
M365 hosting Tenant A and Azure AD for AAD Device on Tenant B and On prem
I have a scenario where "M365 is hosted on Tenant A with domain.com" and Azure AD for AAD Joined devices on "Tenant B with onmicrosoft.com" and on premises with "Domain.local". Problem: User needs to log in using different…
How to clean up "Sign-in with your passkey" options
Hello, I have enabled FIDO2 as sign-in method and enforced it with CA policies for a pilot group. One of the users is seeing his phone as device with a saved passkey. Where did this option come from and how to disable it? The desired option is ONLY…
FIDO2 NFC Security key vs Android phone
Hello, I have FIDO2 enabled and enforced for a pilot group through Sign-in method policies in Entra and CA policies. We are using NFC compatible FIDO2 security keys. For iPhone users - NFC works great and is similar to a PC experience: Choose security…
FIDO2 NFC Security key vs Android phone
Hello, I have configured FIDO2 as the only sign-in method for my tenant. It is also enforced through CA policies as phishing resistant MFA. Our FIDO2 keys are NFC compatible. The NFC experience from an iPhone is similar to the browser and works great:…
Hybrid Azure AD Join with Autopilot - Need clarification
I set up an Autopilot with Hybrid AAD join profile along with the Domain Join configuration profile. I follow these steps to get signed initially: From the initial Windows 10 screen, I Shift + F10 and open command prompt Switch to powershell,…
Is a P1/P2 Entra ID license per user or per tenant?
I am reading various articles about Microsoft cloud security features. Many of them list having an Entra ID P1 / P2 license as a prerequisite. But I am unclear on exactly what that means. On the Azure portal, the "All Services > Licenses"…
Unable to update the specified properties for on-premises mastered Directory Sync objects
Environment: Hybrid with an older Exchange 2010 server. AD server 2019 running AZURE AD CONNECT (latest version as of March 2022) I've been adding new employees by creating a new account in AD and syncing with AZURE. No problems there. …
AD B2C Microsoft Graph to send verification code to email
Hi, I would like to know if there is a possibility to send a verification code to email using Microsoft Graph. Basically, I want to do everything in MS Graph, i.e. signing up, signing in, send verification code, SMS, MFA and social media sign up and sign in.
How to diagnose "'AADB2C90289: We encountered an 'invalid_client' error connecting to the identity provider."
We have a Blazor application hosted in Azure which uses Microsoft Identity to authenticate the user. This has worked without incident for several years. As of last Friday night, any user trying to log into the system receives the following error after…
Azure Data Studio: adding Entra ID user account fails with "Error: read ECONNRESET"
Hello, we are facing the situation in our organization that some users (on specific laptops) have problems adding their personal Entra ID user accounts (formerly Azure Active Directory) in Azure Data Studio. We tried Code Grant authentication as well…
Received error while deploying Bicep. Error: "The role assignment request schedule is invalid. (InvalidRoleAssignmentRequestSchedule)"
Hi Team, I'm currently utilizing Bicep to enable Azure AD Privileged Identity Management (PIM) with a custom role. I've created an AD Group and assigned a Custom Role to it, which includes the following actions: "Microsoft.Authorization//read",…
Workday/Entra ID - Soft delete users without the "Delete" action selected?
We currently have Workday to Entra ID user provisioning enabled with the "Create" and "Update" actions allowed and "Delete" is not enabled. I'm wondering if anyone is able to clarify whether the integration is able to soft…
I created and verified my company in partner center but have been told that I did it in a b2c tenant and partner center isn't supported there.
I have raised 4 tickets related to this over almost 3 months. I'm told I need to convert the b2c tenant to an Entra ID Tenant. I have a MAPS subscription and am unable to get the license to work for the Entra ID - and my support plan does not work…
Rate limits for Microsoft Entra ID APIs
Hello Team, Could you please let us know the rate limits for the below Microsoft Entra ID APIs. Audit-Log: https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0 User-Info :…
User logout from all devices after change/forgot password is not working.
Hi, we are trying to log out the user from all the devices after change/forgot password. We are using custom policy for it. We started with this documentation: https://github.com/azure-ad-b2c/samples/tree/master/policies/revoke-sso-sessions And using…