Wrong SAML Claims for AppRoles
Hello, I am configuring the SAML claims for Enterprise Application in Azure. For the moment I have configured them like that: and I have tested connection to target app. Everything is fine and app can read custom_roles. Unfortunately additionally to…
Azure Advisor shows vulnerabilities in non existing container images
I have Azure Advisor turned on and it reports vulnerabilities in the container images under Security using [Preview] "Container images in Azure registry should have vulnerability findings resolved" recommendation. For some reason when I select…
PowerShell script to retrieve a list of users without properly assigned/registered Windows or MacOS devices
Need a PowerShell script to get a list of users who do have a Windows or mac OS device assigned or registered under their name. We have many users who do not have any Windows or MacOS device assigned under their name. These are devices which were not properly…
How to add social account signup button in the sign up screen?
I am using the Signup and Signin user flow in Azure AD B2C where I have configured the Microsoft as the identity provider. In Signin page the **Login with Microsoft** button is present. But if I head over to the signup page the button is not visible. …
Can app registration limits also be removed on Azure B2C just like in Entra ID
I found the following documentation about Entra ID. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/quickstart-app-registration-limits I would like to know if this documentation: Also apply for Azure B2C Can this custom…
OAuth 2.0 refresh token and access token max length
I have created an App Registration in the Azure portal. What are the maximum token lengths for Access and Refresh tokens when a user logs in using the app's clientid?
Thousands of sign-in errors in Entra ID
Hello, I have problem with sign ins into Windows Sign In. Infra: local AD synced into Entra ID Windows 10/11 hybrid joined devices only GPO managed, we don't have Intune yet Problem is that I see THOUSANDS of failed sign ins into Windows. Almost…
User count limitation for unverified app
I have created an App Registration in the Azure portal. But the app is unverified. How many users can log in using the app's clientid at the same time? Is there a user count limitation for an unverified app?
Is a P1/P2 Entra ID license per user or per tenant?
I am reading various articles about Microsoft cloud security features. Many of them list having an Entra ID P1 / P2 license as a prerequisite. But I am unclear on exactly what that means. On the Azure portal, the "All Services > Licenses"…
Could I Hide "Choose an account to continue to b2clogin.com" in Azure B2C with Google sign IN?
Hi! I am working on a project with Azure B2C where we are using Google as Identity Provider. The client tells us that they want to hide (or change) the URL (b2clogin.com) that appears when you are going to sign up with Google: After an in-depth look in the Google…
Azure B2C for a Blazor WASM randomly stopped working?
Hey all, sorry to be a burden but I am running out of options for this so I thought I would ask. Over the Easter Break I taught myself how to implement Azure B2C in a Blazor WASM+Api environment for SPA (using .Net 7). I followed this tutorial for the…
SAML SSO certificate issue with Freshservice
The current SSO certificate is to expire soon: create a new SAML SSO certificate, download base64 cer, paste the details in the Freshservice security cert field, save, and then activate the new certificate in Azure... then SSO in new web browser, not…
Derivation of AuthnInstant attribute value
I am using Microsoft Entra ID as IDP for my web app for SAML SSO. When I navigate to my application in Chrome the AuthnInstant is from 2 days ago, however for the same URL in Chrome incognito mode its AuthnInstant is the current date-time and for Firefox it…
what are Microsoft security recommendation for Microsoft Entra
Hello, we are setting up a Microsoft Enterprise tenant; what basic recommendations can we make to make it more secure? Like we know, we like to implement MFA, CA, PIM, Audit log; anything apart from this, especially from the IAM security side? Thanks, Richa
How to BULK GROUPS to a User
Hello, As part of our onboarding process we are required to create user accounts in Microsoft admin center. Once created, we need to add this user to multiple different groups. The process to do this in the admin center is incredibly frustrating and is…
Lost Global Admin Access to Tenant because of lost authenticator
Hi I have lost Global Admin Access to my tenant because of MFA. I do have my phone number registered in the SSPR (so I can reset my GA password) but not in MFA so when I lost my authenticator I cannot log into the Azure Portal using my Global Admin…
Get-MgDirectoryOnPremiseSynchronization : Insufficient privileges to complete the operation as the Global Administrator?
What are the additional required permissions on top of the Global Administrator to execute the below read only command? Connect-MgGraph -Scopes OnPremDirectorySynchronization.ReadWrite.All Get-MgDirectoryOnPremiseSynchronization The error I am…
Require app protection policy and Blocking Legacy Authentication
Hello, It is a little bit unclear the scenario of the policy deployment. In one of the articles, the recommendation is to Block the Legacy…
Intune Devices showing as 'not active' in compliance settings regardless of clicking 'sync'
We have a hybrid setup, with Intune MDM. I just pulled a report for all non-compliant devices and wanted to make sure that they were set to compliant. We have a user with a non-hybrid device, but Intune enrolled. Intune is saying it is 'inactive' even…
Cannot get Intune to remove users as Administrators
Hello, we are transitioning from AD to AZURE AD (not autopilot) and registering our devices with AZURE AD, and installing Intune from the Microsoft store on the endpoints afterwards, set to auto enrolment. We noticed that when we join the device to…