Attribute Mapping in Azure AD Provisioning
Hello All, I hope you all are doing good. We’re integrating SuccessFactors HRIS solution with Entra ID. During synchronization from SF to Entra ID, several attributes have limitations. Suppose the username attribute sends a character limit of 256, but…
Not able to view the cards when we click on preview button in SharePoint local URL
Not able to see the cards when we click on preview button after selecting the cards on local viva application. The app was running fine but suddenly it stopped working (not showing the cards), and we are able to see the errors in console section. …
User name change and alias addition keeps adding and undoing every AD Sync
We are currently running Active Directory for our user data base and an on-site Exchange server that communicates with 365 and Entra for our user's emails. Because of this, all the user details are pulled from AD and can only be edited in AD. I have a…
Expression builder multiple IIF nesting
Hey folks, I've run into a problem in building expressions. As part of our Workday to Active Directory provisioning, we want to have the email address built out based on Company name. However, we have multiple company names under our AD user profiles and…
AADSTS50020 Error signing in to app
I am adding the "Sign In with Microsoft" button to my web app following the instructions. I registered a new app in Active Directory / Entra ID to use for the sign-in. I set supported account types that can use it as "Accounts in any…
How to customize the backup schedule of an Entra DS Domain (standard SKU)
Hi, We've got an Entra Domain Services domain, which is backed up every 5 days according to the standard SKU. Strangely, we notice a small hiccup of 1-2 minutes every time this backup happens on our Linux machines which are domain joined with Winbind…
"The policy specifies multiple RefreshToken UserJourney Ids" error in ROPC setup Azure AD B2C Custom Policy
Hello, I am trying to set up ROPC for my application that uses custom policies, and I am following this tutorial: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-custom-policy#ropc-flow-notes. I…
How to cancel the users' Project Plan 3 license?
Hello, please I need your help on this issue. I tried to unassign the license from those users, but it pops up like their license is inherited with a group? Manage group-based licensing from the groups pivot Licenses assigned to the below users cannot be…
Authentication fails when API method is protected by RequiredScope("...")
When I call a method protected with RequiredScope on my api I get Response = 403, Forbidden. Removing RequiredScope results in 200. The app calling the api does have the correct permission granted. Protected API method: [Authorize(AuthenticationSchemes…
App registration: Verification of publisher domain failed. Unable to connect
Hi there, We are trying to verify a new App registration in one of our Entra tenants, and I am experiencing issues verifying the Publisher domain for that app via the .well-known/microsoft-identity-association.json method. I am consistently receiving the…
Create and Assign Custom Security Attributes
How do I design a few applications access based on the following fields? Can I create Custom Security Attributes or group-based permission? Application ------> App1, App2 Role ------> Contractor , engineer, PM, SalesRep RoleID --->Con , ENG,…
Can't set MFA with my account
Hi, I am trying to be approved as a verified publisher. I have created an account in partner center, and got an MPN. Then, when I tried to enter the MPN in the Publisher Verification form, it says I first have to enable MFA with my account. I have tried…
Password hash sync perpetual error
After reinstalling the Azure AD Connect Sync and provisioning agent on an existing environment, the error: Password hash sync Status: NotRun Last successful run: Never Job Id…
Trying to cancel a sign by appending 'error' to oauth2/authresp returns 'invalid response'
We are trying to get an OIDC provider to return an 'access denied' error back to an Azure AD B2C user flow when the user cancels / fails the sign in. The Azure AD B2C documentation states that we should be able to send an error back to AADB2C during the…
OneDrive & SharePoint should not be accessible on domain join laptops
We have an environment of on-premises domain joined devices and some Azure AD registered devices. We are planning to block access of OneDrive & SharePoint in non-domain joined devices. When I create CA policy it works for only Azure AD registered…
How to fix 'AADSTS90023: V2 tokens require asymmetric token signing credentials'?
I have a web app using Azure AD to login users. It is using the MSAL python library to redirect users to a https://login.microsoftonline.com/(...) URL for login, then exchanging the authorization code from the call for an access token. It was working…
Issue with FIDO2 Security Key Sign-in on Hybrid AD Joined Machine
Hello Team, I am encountering an issue with a Hybrid AD joined machine where I am unable to log in using FIDO2 security keys for Windows Hello for Business. Below are the details of the setup: System Details: Hybrid AD Joined PC: Operating System:…
Is it possible to create a dynamic group using different elements (devices and users)?
Hello everybody. I need to create a dynamic group of devices, where all devices belonging to users in city X are automatically inserted into this dynamic group. Is it possible? Or should I use another method to get the same result? Note: I already have…
Is it possible to assign Groups to App roles in Azure Entra ID B2C Tenant?
Hi community, I am building a java based webapp for a customer on Azure. The customer wants to assign specific privileges to certain users via roles and groups. Currently we have enabled a B2C Tenant in Azure, where all the external users of the app are…
Which license allows domain join and device management?
I am trying to determine which license allows for domain join to Entra and allows device management. I looked at the pricing page and it seems that the free version may allow for domain joining, but I am not sure. Additionally, what are the device…