How to authenticate a user that was redirected to a web application from a desktop application.
I am having an issue trying to use Azure AD B2C to use SSO between my desktop application and my web application. The issue is almost exactly what is described in this question:…
Script to loop through a CSV file and to exit loop once all users have been licensed in M365
Hi all, I have an input CSV file like this: UserPrincipalName user1@test.com user2@test.com When I license these users in M365, it can take a couple of moments for the Get-MSolUser "IsLicensed" attribute to be set to "True". I would…
Acc-Creation
Hi All, I want to create a guest account. I have logged in to the Exchange Online Admin Center and created a mail contact. However, I am not seeing this mail contact in Azure AD. Will mail contacts not show up in Azure AD? If I need to create a guest…
URGENT - TENANT LOCKOUT - FAULTY CONDITIONAL ACCESS POLICY
We have been locked out of our tenant for almost 4 days due to a faulty conditional access policy. I have reported the case and requested urgency and answers countless times to Microsoft support, none of whom seemed to understand the urgency of the…
How do you provision onPremisesExtensionAttributes (extensionAttribute) using SCIM
Our organisation has synced the onPremisesExtensionAttributes (extensionAttribute13) to Entra ID. I have already confirmed that my target user contains this value in the Azure portal and using Graph API. When sending the attribute using SCIM the…
How to authenticate a user that was redirected to a web application from a mobile application.
I have two applications that use two different Azure AD B2C user flow. The first one being a mobile application that the user opens from his phone and is the starting point for the user. The second one is a web application that the user can be…
Error AADSTS75016 when setting up SAML SSO
Hi, I'm setting up a non-gallery application to use as an IDP for SSO to my development app and facing the error AADSTS75016: The SP name qualifier '{name}' is not valid. I notice that I get the error when I set the NameID in the request, no matter what…
External Guest User Access for different Guest scenarios
We are trying to invite external guests into our Teams environment. The issue may arise where we want to give external guests different access. There are 3 options in the user settings. I want to give some guests same access and some guest…
On Microsoft Entra I am unable to see user name with unauthorized access how do I view the users?
Hello I see unauthorized sign-in on the Entra Microsoft account. I don't see the list of users that are having unprotected sign-in. How do I see it? I have all the privileges still I don't see the names of the users.
Bypass MFA for specific users or groups - NPS Extension for Azure MFA
We're utilizing NPS Extension for Azure MFA in our highly available RDS environment (two RDGW machines, two NPS machines (with extension installed), and two connection broker machines). We have a requirement to exclude service accounts from getting MFA…
Enforcing MFA policy doesn't work.
Hi, it seems the enforcement of MFA for users does not work. Most users can just continue to log off and on without having to MFA. I have set up the conditional access policy in Entra ID according to instructions. Please assist!
How to fix 'AADSTS90023: V2 tokens require asymmetric token signing credentials'?
I have a web app using Azure AD to login users. It is using the MSAL python library to redirect users to a https://login.microsoftonline.com/(...) URL for login, then exchanging the authorization code from the call for an access token. It was working…
Microsoft Authenticator does not show up the code and I'm the only admin in Microsoft 365 business.
Hi, I have tried to log in to my business email and I have the Microsoft Authenticator app. It shows that enter the code displayed in the Microsoft Authenticator app on your mobile device. However, I did not receive any code and I have done all…
Deleting and Removing computer object synched hybrid from Entra ID /Azure AD ?
I use Hybrid Azure AD / Entra ID and Intune to deploy and manage the AD computer objects that are joined to OnPremise AD DS. May I know the potential side effects of deleting the device using the below code? Remove-MgDevice -DeviceId Is there any way…
How to tell if a classic conditional access policy is being used
I am responding to the deprecation of classic conditional access policies and I am finding it difficult to determine if a classic conditional access policy is being evaluated. I can see that the classic policies are enabled. When I edit the policy and…
I need to restore a recently deleted App Registration, but I don't have permissions to do it
I have an app registration that got deleted (not by us ... guessing because it is very old and isn't used so maybe for security reasons someone deleted it) but now I have to set up the new code signing and I need to enable it again so code signing can be…
Azure SSPR-Implementing with M365 E5 Licence
Hi Team, Since Azure Entra ID SSPR requires each user to have Azure Entra ID P1/P2 plan for them to avail SSPR, I've read somewhere that those who have the M365 E5 licence will already have the Entra ID P2 plan that will help them avail SSPR. Can someone…
Expression builder multiple IIF nesting
Hey folks, I've run into a problem in building expressions. As part of our Workday to Active Directory provisioning, we want to have the email address built out based on Company name. However, we have multiple company names under our AD user profiles and…
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' + SQL Server
Hi Everyone, I am seeking help with analyzing an issue related to SQL Server linked server connections. Here is a description of the problem. All SQL Server database servers are on-premises. Scenario 1: (Working Properly) We tried to connect SQL server…
help with MSAL and node.js
I seem to be running in circles and could use some guidance. We have a Vue based front end site that has our own username/password/mfa solution that, once logged in, sets a series of auth cookies back to the browser that go to each API call on our back…