Content
Set correction for set...
Hi, after an upgrade from FIM2010 to MIM 2016SP2 (4.6.641.0) I realized that there is a strange issue about sets membership. There is a simple set filtered by an integer value ( isdisabled=0). Problem is about membership recalculation when a user change…
ADB2C User creation error
Hi Team: Good Morning, I was trying to create user in ADB2C using Microsoft Graph Explorer, getting error as below, API: https://graph.microsoft.com/v1.0/users JSON: { "displayName": "Adele Vance", "givenName":…
Azure B2B Invite to External Users Sent in Different Languages
Hi, I am currently facing a challenge, hopefully not a unique one. I am trying to invite external users to collaborate on our tenant. I am sending out the invitations through Azure/Identity/Entra. However, invites sent to personal accounts (eg. gmail,…
MIM Group manual Membership validation
Hello guys, I am trying to add validation on manual group memberships in MIM, meaning that if an IT guy requests to join a sales group, this should pop up a validation error on the portal saying that their request is not allowed.
Problems with the SignInManager method PasswordSignInAsync
Hello, I have a server-side Blazor application using framework net6.0. I am trying to implement a login page. I have implemented an AuthenticationService and I am using the SignInManager. I can log in and I am using the PasswordSignInAsync method. But at a…
IDX21323: RequireNonce is 'True'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValid
I have an ASP.NET MVC application and I have registered the application in Azure directory for Microsoft Identity Platform. The same details were configured in web.config and the Startup.cs file, and I tried a few approaches to resolve the error but no luck. Below I have…

Unfamiliar sign in properties
One of the accounts that I have created in a new tenant does not seem to pass the conditional access policy. The account is flagged as a risky sign-in and is being blocked by the policy. I don't want to add an exception for this user and the additional…
Azure AD Access Package for external users - Pending acceptance after request is approved
Hi, I have created the Azure AD Access Package for external guest users. Created a catalog. Added two resources to the catalog: one is an AAD security group for my external users, the second one is the ServiceNow SSO Enterprise app they will be using to…


Asp.Net Core Identity.EntityFramework Unable to assign a Role to a User
Hi, I generated the tables to support Identity in Asp.Net Core Entity Management. The tables are created in SQL Server. I created 2 users and 2 roles. I can see them in the tables. I want to assign a role to a user so I use the following statement var…
Bastion Forest vs Red forest (ESAE)
Hi there, I have done a Bastion forest implementation (PAM/MIM), but I always see on Microsoft Learn something called Red Forest (ESAE). I always thought when I'm implementing Bastion forest that ESAE is included in my work. So, may…
Approval requests are still stuck as Pending even after approved from Approver in MIM Portal.
Hello everyone! We are stuck on an issue where we have a normal situation for "Owner Approval" based group membership allocation. As the end user requests to get a group's membership from the MIM Portal, it sends a request for approval to the assigned Owners of the…
How to fix this issue
Unable to acquire token for tenant 'organizations' with error 'ManagedIdentityCredential authentication failed: Internal Server Error! Status: 500 (Internal Server Error) Script: Param( [string]$resourceGroup, [string]$method, [string]$UAMI )
The control type 'System.Web.UI.HtmlControls.HtmlAnchor' is not allowed on this page.
Hi All, recently we have updated below KB's. KB 5002472 – September 2023 Update for SharePoint Server 2019 (language independent) This is also a security update! KB 5002471 – September 2023 Update for SharePoint Server 2019 (language dependent) …
Azure MFA to On-premises applications without ADFS and AzADAppProxy
Hi. I need to know what options I have to force my internal apps to request Azure MFA when my clients access internally (or externally, published in the firewall). I don't want my on-premises apps to need to go via application proxy via Azure,…

saving the Identity token in the Aspnetusertokens table
Hi I created an Asp.net core 6 project and I added the Identity framework for authentication and authorization, I would like to add token management and while doing research I realized that Identity also manages the management of tokens because it…
Is it safe to use msal-browser in production?
I am implementing SSO in React SPA with Microsoft identity & using "@azure/msal-browser": "^3.5.0" & "@azure/msal-react": "^2.0.7" as dependency. Please refer the below sample app provided by…
Is there a way for an Azure customer tenant to send its domain name as domain_hint to a B2C app
Hello, Currently, we have set up a B2C tenant that supports Local Accounts and SSO with OpenID. The purpose of the tenant is to support our customers. At the moment, the users are presented with the option to sign in with Local Accounts or to click one…

Authentication using UMI
We are getting an error "Managed Identity authentication is not available" when we are trying to authenticate using UMI, and below is our code. Help us if we are missing any configuration part or if any code has to be changed. ManagedIdentityCredential…

Missing Cosmos DB Built-in Data Reader and Cosmos DB Built-in Data Contributor roles in Access Control (IAM)
I'm trying to assign roles to a managed identity in Cosmos DB, through the browser using Access Control (IAM). Unfortunately the two built-in roles Cosmos DB Built-in Data Reader and Cosmos DB Built-in Data Contributor are not there. How can I add managed…
Why Is My ServiceBusClient Token Expiring?
I have an application written in C# that processes messages placed on an Azure Service Bus Queue. This application is a BackgroundService that is started using the AddHostedService method. I am creating a credentials object using a ClientSecretCredential…