TENANT LOCKOUT - FAULTY CONDITIONAL ACCESS POLICY
We have been locked out of our tenant for almost 3 weeks now due to a faulty Conditional Access policy. During these 3 weeks, there have been countless conversations with a number of Microsoft support agents/technicians, none of which seemed to have an…
Azure users signing in non-interactive to BING app from CH
Hi. Azure signing logs show that we have a user signing in non-interactive from a Chinese IP address that belongs to a middle school in China. In a region the user had visited 4 weeks before. I see a lot of these sign-ins for various users in other…
sqlcmd fails to connect to azure sql server because of mfa, but active directory says mfa is disabled
I have been following this guide: https://learn.microsoft.com/en-us/azure/azure-functions/functions-identity-access-azure-sql-with-managed-identity and have reached the step "Grant SQL database access to the managed identity". I have…
In Entra External ID CIAM, will it be possible to add any external identity provider without a verified domain or DNS change?
We have various customers that have IdPs with their own companies and would like to use their identities to log in to our customer-facing applications. In Entra External ID CIAM, will it be possible to add any external identity provider without a…
Everyone locked out of tenant due to a faulty Conditional Access Policy
We have been locked out of our tenant for almost 2 weeks now due to a faulty Conditional Access policy. During this week, there have been several conversations with a number of Microsoft support technicians, none of which seemed to have an understanding…
Is it possible to receive notification emails when PIM (Privileged Identity Management) assignments are removed?
Hi all, As a global administrator I'm receiving email notifications when users are assigned any PIM Entra roles. However, when those user roles are removed by other administrators I'm not receiving any notifications. Is there any configuration I…
Invalid Content-Security-Policy Header when using Custom Policy with JourneyFraming
I'm looking into embedding the Azure AD B2C sign-in page in an Iframe in my SPA. Following the documentation, I have added my domains (MYDOMAIN1, MYDOMAIN2) in the JourneyFraming element of my Custom Policy. The authentication works - however, there are…
Sign in to continue. Some components of this app require you to sign in.
I am running into an error message when I log into Dynamics365. After signing in successfully I receive the error message detailed below. I have also attached screenshots of the error message I receive. Sign in to continue. Some components of…
myapps.microsoft.com shows a blank page but then I refresh and it works
When I access myapps.microsoft.com I initially get a blank page, but if I refresh, the site comes up. I looked into the network flows and the issue appears to be that during the first attempt at access I receive a 400 status code from a request to…
Unable to access azure portal
Received usual error code when attempting to log in to start training. Error message: Interaction required. The portal encountered an issue while attempting to retrieve access tokens. We suggest attempting to sign in again, or alternatively, continuing…
B2B-Self service sign-up userflow
Hi, I have set up a self-service sign-up user flow for our B2B users; when they click on the application link they can sign up (if not having an account) and then their identity is created in the tenant. The issue I am facing is I am not finding a way which…
Document Intelligence Studio Label Data Key based authentication error
Hi, I have set up a storage account with a container. I have disabled key access and added my Entra ID to the roles with storage data contributor and added the system assigned identity of document intelligence identity with storage reader role to storage…
How do I send email from Linux machines to Microsoft 365 accounts with oauth2
I have been using app passwords successfully to authenticate users in Linux web applications and to send emails to users. A few days ago, this stopped working. SMTP Auth methods no longer work. My account settings show that Authenticated SMTP can access…
AuthorizationPermissionMismatch error when accessing blob file with indirect permission in RBAC
Hi, I'm using BlobContainerClient for accessing blobs from code (C#) private async Task<BlobClient> GetBlobClientAsync(string blobName, string container, CancellationToken cancellationToken) { var containerClient = await…
Add eligible assignment for Azure resources in PIM
We have implemented PIM to assign Microsoft Entra roles and PIM is working normally. To extend PIM for Azure resources, I'm trying to add eligible assignment for Azure resources (Owner of a subscription) in PIM but hit an error message: Role assignment…
Rotating Kerberos key for Seamless SSO in multi-domain forest with Azure AD Connect
What is the correct procedure for rotating the Kerberos key used in Seamless SSO when configured in a forest with multiple domains and synced with multiple tenants through Azure AD Connect? The documentation recommends running the Update-AzureADSSOForest…
How to resolve Invitation Redemption failed error in a B2B SAML Federation scenario with OKTA
I am currently testing the integration of OKTA as a SAML federated service, with Entra, for B2B guest access. This is a prelude to an urgent live deployment requirement that I have for a client. I have created an OKTA developer account, configured the…
Is there a way to create an Azure alert on a security group?
Hi, Does anyone know if it is possible to create an Azure alert on security groups?
Moving hosted O365 email from GoDaddy to Microsoft with a standalone Azure tenant
Good afternoon! I am working with my customer to migrate their Office 365 Mailboxes, OneDrive, SharePoint, and Teams from GoDaddy directly to Microsoft. GoDaddy automates much of this with a high level migration overview of: Approval Creation of a new…
How to Authenticate Scan to email mailbox
Our organization is trying to have all mailboxes set up with MFA so we can turn off legacy. The issue is that we have scan-to-email function set up through a UserMailbox, so if we convert this to a SharedMailbox, users will no longer be able to use it for…