Windows Configuration Designer cannot retrieve Bulk Enrollment Token
Hello. Trying to update our Intune enrollment package with a new Bulk Enrollment Key and running into an error after Authenticating to retrieve the token. I have not been able to find anything related to the error code. This worked a few weeks ago…
MFA Conditional Access Policy For All Users, Still Showing Non-Compliant in Defender.
Hello, We currently have three conditional access policies in Entra ID for Multi-Factor Authentication (MFA), and having multiple policies seems redundant. Here's a brief overview of each: Microsoft-Managed Policy: This policy automatically applies to…
Admin locked out of Azure B2C
Hello! I have a b2c instance that I've been locked out of named "psecsapidev01.onmicrosoft.com". It worked fine until a couple of weeks ago when I stopped being able to log in. The admin account is correctly registered and I still have access…
Converting "Federated user accounts" to "Managed user accounts"
Hello I am using "Microsoft Entra ID Free Subscription." I want to convert "Federated user accounts" to "Managed user accounts." I tried to follow these instructions in Power Shell to no Avail: Install-Module MSOnline…
How to Increase Access Token Lifetime to 24 Hours?
I’m using the following URL to generate an Azure AD access token via Python: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token The token I get has a lifetime of 3600 seconds (1 hour), but I need it to last for 24 hours. Is there any way to…
Why am I seeing "Windows Sign-in" activity for an Azure AD registered (not joined) device?
Hi, My device is only Azure AD registered, not Azure AD joined. However, I am still seeing Windows Sign-in activities showing up in the Azure AD sign-in logs. Could someone please explain why this is happening? Is it expected behavior for Azure AD…
Incomplete Results from PIM Role Assignments API
I’m experiencing an issue with the Microsoft Graph API (both beta and v1.0) when querying PIM (Privileged Identity Management) eligible role assignments. Specifically, the API is not returning the complete set of role assignments — it appears to be…
Lost access to authenticator app and unable to log in due to this. (I am the only administrator also)
Hi everyone! Suddenly I lost my phone with Authenticator app and can not log in right now (I am talking about business/organisation account) because there is no other way to confirm my sign in and also no way to reset it somehow. I can not ask…
Conditional Access Policy Assistance
I would like to create policies through conditional access allowing users to access Microsoft 365 web apps through their browsers but only from specific IP addresses. I want them to also be able to still receive email on their phones from any location…
Best Practice for Updating Custom User Attributes (e.g., is-enrolled) via MSAL and Backend Integration
Hi everyone, I’m working on a project that uses Entra ID and MSAL for authentication (React frontend + FastAPI backend). Use Case: I want to add a custom user attribute called is-enrolled to a user in Entra ID. Once a user goes through an…
Set-MsolDirSyncEnabled -EnableDirSync $false after MSOnline PowerShell Retirement
after MSOnline PowerShell Retirement how can we convert users to cloud only or should we do that prior to retirmenet
Error fetching users from Microsoft Entra ID: "$top query has been exceeded"
Hello everyone! I'm integrating a Microsoft Entra ID application with a web app I'm building. The initial connection between the app and Entra ID is working fine. However, when I try to fetch the list of users via the Graph API, I get the following…
AAD DS 109 Alert and Compromised User Accounts
An alert was received on the domain service indicating AAD DS 109. The alert resolved itself, but several user accounts were blocked from sending emails to external recipients. Affected users have changed their passwords and were unblocked, yet one user…
Issue with SAML SSO Integration – Application Not Recognized in Azure AD Tenant
Dear Microsoft Support, We are currently setting up SAML-based Single Sign-On (SSO) integration between our FortiGate Firewall and Azure Active Directory. During testing, we encountered the following error: AADSTS700016: Application with identifier…

I cannot log in to my tenant, I get the AADSTS5000224 error
I cannot log in to my tenant, I get the following error: Sign-in failed Error code: AADSTS5000224 Error message: AADSTS5000224: We are sorry, this resource is not available. If you are seeing this message by mistake, please contact Microsoft support.…
invalid_resource: AADSTS500011: The resource principal named https://[xxx] was not found in the tenant named [zzz].
Note: I have introduced placeholders [xxx], [tenant id], [application id], [zzz], cause this is a public support request. High level We want to give Excel access to our business data for reporting using the Excel OData feed, and authenticate using an…
Access review create for Azure resources role
Hi All Cn you explain me the Access review create for azure resources role we have 4 Subscription how to start exploring the step by step. Quation can we set access review at time maltiple subscription
Azure Admin Account with Lost MFA Access
Hi, I am having a quite similar problem with this thread, https://learn.microsoft.com/en-us/answers/questions/2259103/how-to-recover-admin-microsoft-account-with-lost-m but in my situation, my old phone ( with Admin account MFA setup) was lost and I…
How to delete default domain in Entra ID B2C?
Could you please advise on the appropriate steps to request the blocking of the default domain (<tenant-name>.b2clogin.com) in Entra ID B2C, as recommended in the official documentation? We have already configured a custom domain for our B2C…
SCIM token apple business manager
How to find which SCIM token I am using. As I have 2 different tokens registered, one expires this year and the other next year. Am I ok to remove the one that expires this year leaving next years intact?