Changing the SMTP address on the O365 side with ADSync enabled
Hello, we need to make changes to ADDS ProxyAddress to add an alias to a mail user in Office 365. The user is hosted in ADDS and synchronized with Entra via ADSync. However, it is very inconvenient to use the attribute editor in ADDS. But we cannot…
Guest accounts from one company unable to sign-in
Hi All, For a few years now every guest account in our tenant was signing in using their company email address. Two days ago something changed and guest users from one company, when trying to sign in to our tenant, get an error that "Selected account…
Microsoft Entra Domain Services Blocking TCP Port 53 DNS
Hello, I am attempting to connect to my Microsoft Entra Domain by setting up an AWS AD Connector directory at AWS. Every time I attempt to create the AD Connector directory the process fails with the error message: : DNS unavailable (TCP port 53) for IP:…
Login issue
Hello All, I tried to sign in to my Azure Portal account. Coming to the identify session, I face the OTP issue. I tried to send the OTP to my registered mail id to complete the login process. But the OTP is not able to be sent to my registered mail id. How to…
Select a specific client id in a VM with multiple managed identities.
I could not authorize Azure Service Bus with spring-cloud-azure-starter-servicebus. From the log, my app had no problem getting the token, but I got "Unauthorized access. 'Send' claim(s) are required to perform this operation." when I sent the…
How do I get My authentication Accounts
I got a new phone. I signed into my Microsoft authentication account. It brought up everything except for my authentications account. I have all my passwords. And I don't know how to get them. What do I do?
Improper permissions for Azure ad connect sync?
So we have our azure ad synced with our on prem. We have an issue where our sync agent service stops. We have had this multiple times. I noticed that the "Log On As" is listed as "ourdomain\adconnectuser" instead of NT Service\System …
Necessary permissions to query /users/{user}/manager?
Hi there! I've got an Entra ID app with permissions on User.Read and User.Read.All, and want to fetch the supervisor (/users/{user}/manager) of a given user on command. I've got the OAuth2.0 workflow running and am receiving valid tokens for the Entra…
Prevent constant MFA requests for hybrid workforce
Hello, Most of our users are hybrid, working remotely via VPN and locally in office. Regardless of our 30-day MFA policy, our users are prompted for MFA every few days if they move locations between working at home and at the office. We are a non-profit…
Session controls VS grant controls
Does anyone know if passing grant controls in CAP but not session controls will bypass CAP? More so in the context of MCAS, where you can set up conditional access using certificates to do something, say, "block access to devices with no certificate…
How to enable multi-factor authentication for rdp connections
Hi, I need to set up a multi-factor authentication system for RDP connections to my Windows Server 2016. I have been looking at all the guides out there on this. I have it configured with Microsoft Authenticator for a group of users accessing the Azure…
Error when trying to update Authentication Methods Policy
Attempting to update the Microsoft Authenticator settings policy (Security | Authentication methods | Policies) and getting an error 'The Policy did not save successfully'. There are currently 16 groups with the policy applied. We cannot delete any of…
Microsoft Teams integration automation
I want to add Microsoft Teams integration to my web app to create meeting links. I was able to do this by manually registering the application in the Microsoft Entra admin center and setting up keys and permissions. I'm looking for a way to simplify this…
myapps.microsoft.com shows a blank page but then I refresh and it works
When I access myapps.microsoft.com I initially get a blank page, but if I refresh, the site comes up. I looked into the network flows and the issue appears to be that during the first attempt at access I receive a 400 status code from a request to…
Is there a way to prevent users from adding new MFA devices without assistance?
In our tenant, users can go to myaccount.microsoft.com, go to Security Info, and add a new sign in method, including a new device to receive SMS, etc. Is there a way to prevent users in our tenant from doing this? Ideally they would have to have someone…
What role will I have when I migrate a subscription to a new Tenant/Directory?
Hi All, Starting in September 2024 Classic Admins will be removed. I am wondering what is going to happen when I do a migration (directory change) of a subscription from one tenant to another. Usually the user who does the "Change Directory"…
When trying to use BeginAttachDetachDataDisks(Using GO SDK), I'm getting the following error: The subscription is not enabled for using the attach detach data disks API. I have the attachDisk & detachDisk permission added for the subscription.
When trying to use BeginAttachDetachDataDisks, I'm getting the following error: "The subscription is not enabled for using the attach detach data disks API". I have the attachDisk & detachDisk permission added for the subscription. I'm able…
MFA Registration campaign - with "nudge" - after migrated Authentication methods
Hi All, I have migrated Authentication methods. I have enabled Microsoft Authenticator for All users with Authentication mode set to Any (plus Third-party software OATH tokens for All users and FIDO2 for selected group). I've created a group to start…
Can you have two Entra IDs for two separate domains and a single tenant
We have a client that owns 2-3 domains under a single tenant. The parent company (companyA.com) and the child company (companyB.com) want to separate their Azure AD so companyB.com can be independent. They have 150 users in total, all Azure AD joined. …
Why would I get different lists of users when I use OR in a dynamic group rule versus using two separate rules?
I am trying to build a dynamic group based on the existence of an Office 365 Exchange Plan 1 or 2 associated with my users. I am using the following syntax in my rule. (user.assignedPlans -any (assignedPlan.servicePlanId -eq…