How do you use a conditional access policy to block end users access to Admin Portals while allowing end users to download office from portal.office.com?
Hi wonderful people With portal.office.com now classed as an Admin Portal: From support How do you use a conditional access policy to block end users access to Admin Portals while allowing end users to download office from portal.office.com? …
I want to close my old hotmail-account but I cannot as there is a tenant using that account
I want to close my old (not in use anymore) hotmail MS-account. But while attempting to close it, the system tells me there is a tenant (I do have the Tenant-ID) using that account. I do not remember why/when/how I ever setup such a tenant. But if I go…
Upgrade "Access to Azure Active Directory" subscriptions request via email
Hoping for some help (as a MS Partner) received the following email "Your subscription offer, Access to Azure Active Directory, will be disabled on May xx, 2024..." "If you currently have active resources in your Access to Azure Active…
Setting up Workday/Entra ID integration to handle leave of absence without deleting user
We currently have Workday provisioning users to Entra ID, however there's been an ask to have employee accounts disabled while they're on leave. The integration is set to have the "Create" and "Update" options allowed but not…
Outlook on Mac, getting Error 50089 - Flow token expired - Authentication Failed multiple times daily
Referred to this forum to post this question from answers.microsoft.com post Hello, We have a Mac OS user at our company that has been getting repeated prompts for their password daily from Outlook. These issues started a few weeks ago. When looking in…
Joining a VM to Microsoft Entra ID Tenant
Hello everyone, I recently set up an Entra ID tenant, which currently uses the default .onmicrosoft.com primary domain. For the purpose of this discussion, let’s refer to it as XYZ.onmicrosoft.com. Now, I’d like to join a virtual machine (VM) to this…
How to Authenticate Scan to email mailbox
Our organization is trying to have all mailboxes set up with MFA so we can turn off legacy. The issue is that we have scan-to-email function set up through a UserMailbox, so if we convert this to a SharedMailbox, users will no longer be able to use it for…
Intune PIM roles needed to view Log Analytics in Entra ID
What role(s) do I need to have activated in order to view Log Analytics within Entra ID? When I looked into it, I saw that you need Security Admin and Global Reader activated. I have both of these roles, although when I go to Entra ID -> Log…
Azure AD B2C LinkedIn IDP does not work
Using the standard options to add LinkedIn as an identity provider on my B2C tenant does not work. Seems like the current integration is still using r_emailaddress and r_liteprofile scopes, which are not supported by the new LinkedIn OpenID specification.
sign out and sign in to another Azure directory
Hi, I was a freelancer for a client and needed to create an additional directory (with the same email address as my original one). Now I don't work for the client anymore, deleted the directory at myaccount.microsoft.com and still every time I want to…
TENANT LOCKOUT - FAULTY CONDITIONAL ACCESS POLICY
We have been locked out of our tenant for almost 3 weeks now due to a faulty Conditional Access policy. During these 3 weeks, there have been countless conversations with a number of Microsoft support agents/technicians, none of which seemed to have an…
Enabling SSSO through AADC is not working.
I'm having trouble setting up seamless SSO in our hybrid environment. I'm trying to do pass-through AAD authentication, not AD FS: all of our clients are WIN10 and above; all of our devices are synced to Azure; port 9090 is not blocked; AADC is the…
Create custom CloudAP plugin to authenticate to windows machine which is entra Joined?
My domain is federated with custom inhouse IDP and when the user tries to login in the entra joined machine as IDP CloudAP authenticates the user right? Is it possible to create custom CloudAP Plugin so after user enters the password our idp can enforce…
Unable to Read/Write B2C Custom Domain Settings in Entra Admin Center
I'm following along the Azure Add your custom domain name steps and trying to navigate to the Settings>Domain name. I have global admin for the tenant which is also linked to an active subscription. But there is no Setting under Identity.
How to set up role based authentication in a Blazor Server app in Microsoft Entra ID
Hi, I have a Blazor Server app and I want to use role based authorization in Microsoft Entra ID. I created role for it and I added permission to it: Program.cs builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) …
Everyone locked out of tenant due to a faulty Conditional Access Policy
We have been locked out of our tenant for almost 2 weeks now due to a faulty Conditional Access policy. During this week, there have been several conversations with a number of Microsoft support technicians, none of which seemed to have an understanding…
Authenticator App Being Forced
Last week I was made aware of this message some accounts were receiving upon login. We have MFA enabled for majority of accounts, but there are some that are not enrolled for various reasons. Now, even though MFA is disabled for the account, this message…
NPS Extension for Azure MFA failing to generate MFA prompt
Hi I am trying to setup a new NPS server with the NPS Extension for Azure MFA to control access to an RDS server on-prem. Authentication works fine when not using the NPS Extension. With the NPS Extension enabled, the user does not receive an MFA…
How do we find the orphaned managed identities which are not assigned to any azure service
From a list of managed identities present in azure subscription for my account, how can I identify the managed identities which are created but do not have any roles or resources attached to it. I want to find the list of all the managed identities…