Everyone locked out of tenant due to a faulty Conditional Access Policy
We have been locked out of our tenant for almost 2 weeks now due to a faulty Conditional Access policy. During this week, there have been several conversations with a number of Microsoft support technicians, none of which seemed to have an understanding…
Azure AD B2C SSO and Teams app
Hi all, We are developing a Teams tab app. Our backend application is authenticating users with Azure AD B2C. How can the users log in to our application via Teams Tab app? Any sample code or document? I can find only Entra ID SSO with Teams App.
How to fetch data of more than one column with single click In MS Office?
I am here with a problem and want to get a solution to it through your help. I am an MS Office user and have multiple records in one file like mix and match jollibee. I have multiple records in the file and want to fetch different records with a single click.…
TENANT LOCKOUT - FAULTY CONDITIONAL ACCESS POLICY
We have been locked out of our tenant for almost 3 weeks now due to a faulty Conditional Access policy. During these 3 weeks, there have been countless conversations with a number of Microsoft support agents/technicians, none of which seemed to have an…
Azure Region Location Switzerland North really in Switzerland?
Hello Everyone I have a question about AADDS, or should I say Entra Domain Services. When creating a managed domain, I can choose the region, such as Switzerland North, under the basics. Recently, a mentor of mine mentioned that when the region is…
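Using single sign-on (SSO) with the domain set to the Google sign-in page, but some sign-ins from Google fail
Using single sign-on (SSO), the domain is set to the Google sign-in page. However, because some accounts had already been created at the start, before account synchronization was in use, some of those accounts later fail when signing in from Google and the following screen appears, which leaves the global administrator account unable to get in: AADSTS51004: The user account user@domain.com does not exist in the 8ddde8ec-9e1b-4f56-8952-11894fefb6b0 directory. To sign into this application, the account…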
NuGet Error NU1101
I am not a developer but I am hoping to test an application provided by Microsoft. https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-web-app?tabs=visual-studio I have downloaded what is needed. After the…
MFA Registration campaign - with "nudge" - after migrated Authentication methods
Hi All, I have migrated Authentication methods. I have enabled Microsoft Authenticator for All users with Authentication mode set to Any (plus Third-party software OATH tokens for All users and FIDO2 for selected group). I've created a group to start…
How to fix a user's identity from "mail" to "ExternalAzureAD"?
I invited 3 users to our tenant, 2 of the users have been assigned "ExternalAzureAD" while the other is showing "mail". This is causing blocks as that user also needs to have the identity of "ExternalAzureAD".
Limited or No Access to a B2C Tenancy to New Developers
I've added myself and another dev to the tenancy, resource group and subscription as contributors to an already up and running B2C Tenancy and yet we still get the error message reading "Limited or No Access" which claims that I don't have an…
How do I remove an org linked to my account?
Hi, So I recently reopened my Azure account and I noticed that I am under some organization that I think I joined like years ago. Now, I wanted to remove/leave the organization (BTS INC) entirely on my whole microsoft account but I cannot find the way…
How to add custom claims to the Access Token using custom user Attributes.
Good afternoon MS team, I am writing you because I am looking for information on how to add custom claims when the application is generating JWT token, but I can't add them to the AccessToken, but I can see them in the IDToken. Questions: Can I…
User logout from all devices after change/forgot password is not working.
Hi, we are trying to logout user from all the devices after change/forgot password. We are using custom policy for it. We started with this documentation: https://github.com/azure-ad-b2c/samples/tree/master/policies/revoke-sso-sessions And using…
Creating a naming convention for local user profile name when signing in with a M365 user
Hello, as far as I'm aware, the name used for the local user profile when logging in to an Entra ID joined device for the first time is the first 20 letters of the M365 display name with special characters and spaces removed. We would like to keep the…
I created and verified my company in partner center but have been told that I did it in a b2c tenant and partner center isn't supported there.
I have raised 4 tickets related to this over almost 3 months. I'm told I need to convert the b2c tenant to an Entra ID Tenant. I have a MAPS subscription and am unable to get the license to work for the Entra ID - and my support plan does not work…
Sending Azure AAD provisioning logs to Splunk
How can we send user provisioning logs from Azure AAD to Splunk for monitoring?
How to extract an Active User Listing with identifier columns for "Groups/UserGroups" & "License Type"?
Hi Team, I've been going back and forth between the Admin and Entra Portals. I am trying to extract a comprehensive Active User listing for my organization with an indicator of the following: Full Name User Email Group/UserGroup Department License…
The Exchange Reader Role as a built-in role in Entra
It would be nice if we can have a new role, Exchange Read Only or Reader role, for creating custom reports. Right now I am using Global Reader for the app registration and service principal. That role works fine for the custom report. The custom role does…
How to give access to user-assigned managed identity on registered app on Azure?
I am trying to give access to a user-assigned managed identity to be able to create or delete secrets on a registered app on Azure. So far I have not been able to find a way to do so as registered application does not have any resource group.
I changed my account to an internal account by accident on Azure
I was playing around with permission in Azure and ended up changing the main account to internal instead of external. I cannot access my account any more, and can't even create a request and a phone call to my regional office just told me to create…