Azure Region Location Switzerland North really in Switzerland?
Hello Everyone I have a question about AADDS, or should I say Entra Domain Services. When creating a managed domain, I can choose the region, such as Switzerland North, under the basics. Recently, a mentor of mine mentioned that when the region is…
MFA Registration campaign - with "nudge" - after migrated Authentication methods
Hi All, I have migrated Authentication methods I have enabled Microsoft Authenticator for All users with Authentication mode set to Any. (plus Third -party software OATH tokens for All users and FIDO2 for selected group) I've created group to start…
How to fix a users identity from "mail" to "ExternalAzureAD"?
I invited 3 users to our tenant, 2 of the users have been assigned "ExternalAzureAD" while the other is showing "mail". This is causing blocks as that user also needs to have the identity of "ExternalAzureAD".
Limited or No Access to a B2C Tenancy to New Developers
I've added myself and another dev to the tenancy, resource group and subscription as contributors to an already up and running B2C Tenancy and yet we still get the error message reading "Limited or No Access" which claims that I don't have an…
How do I remove an org linked to my account?
Hi, So I recently reopened my Azure account and I noticed that I am under some organization that I think I joined like years ago. Now, I wanted to remove/leave the organization (BTS INC) entirely on my whole microsoft account but I cannot find the way…
How to add custom claims to the Access Token using custom user Attributes.
Good afternoon MS team, I am writing you because I am looking for information on how to add custom claims when the application is generating JWT token, but I can't add them to the AccessToken, but I can see them in the IDToken, . Questions: Can I…
User logout from all devices after change/forgot password is not working.
Hi, we are trying to logout user from all the devices after change/forgot password. We are using custom policy for it. We started with this documentation: https://github.com/azure-ad-b2c/samples/tree/master/policies/revoke-sso-sessions And using…
Creating a naming convention for local user profile name when singing in with a M365 user
Hello, as far as I'm aware, the name used for the local user profile when logging in to an Entra ID joined device for the first time is the first 20 letters of the M365 display name with special characters and spaces removed. We would like to keep the…
I created and verified my company in partner center but have been told that I did it in a b2c tenant and partner center isn't supported there.
I have raised 4 tickets related to this over almost 3 months. I'm told I need to convert the b2c tenant to a Entra ID Tenant. I have a MAPS subscription and am unable to get the license to work for the Entra ID - and my support plan does not work…
Sending Azure AAD provisioning logs to Splunk
How can we send user provisioning logs from azure Aad to Splunk for monitor.
How to extract an Active User Listing with identifier columns for "Groups/UserGroups" & "License Type"?
Hi Team, I've been going back and forth between the Admin and Entra Portals. I am trying to extract a comprehensive Active User listing for my organization with an indicator of the following: Full Name User Email Group/UserGroup Department License…
The Exchange Reader Role as a built-in role in Entra
It would be nice if we can have new role Exchange Read Only or Reader role for creating custom reports. Right now I am using Global Reader for the app registration and service principle. That role works fine for the custom report. The custom role does…
How to give access to user-assigned managed identity on registered app on Azure?
I am trying to give access to a user-assigned managed identity to be able to create or delete secrets on a registered app on Azure. So far I have not been able to find a way to do so as registered application does not have any resource group.
I changed my account to an internal account by accident on Azure
I was playing around with permission in Azure and ended up changing the main account to internal instead of external. I cannot access my account any more, and can't even create a request and a phone call to my regional office just told me me to create…
How to redirect external user sign in attempt to initial sign in page instead of error page?
Sign in with Microsoft added to our app through our Entra ID. It works only for our tenant users, which is okay. But when external accounts outside our tenant attempt to sign in, a Microsoft error page shows up with sensitive info of our tenant…
Azure and Entra ID
Erorr Entra ID { "sessionId": "cbb209cb23dc4317b80b952cea59fa49", "errors": [ { "errorMessage": "interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity…
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR?
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR? https://learn.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr FFL & DFL: Windows Server…
Duplicate workflows and User in MS Entra ID governance
Hello everyone, i started working with Microsoft Entra ID and i did some workflows for the IT department, but i need to do some more workflows for other departments. Is there a way i can duplicate the workflows i created? And is there also a way to…
I have asp.net mvc 5 integrated with Azure Single SignOn but I'm facing an error reply url AADSTS500112 error
{"error":"invalid_client","error_description":"AADSTS500112: The reply address 'http://test.edunet.bh/account/testredirect' does not match the reply address 'https://test.edunet.bh/account/testredirect' provided when…
How to distribute the app which is created on entra.
How to distribute the application or what are the ways to distribute it between different organisations?