How do I mitigate "AADSTS7000215: Invalid client secret is provided"?
Hi, I'm trying to obtain a token on: login.microsoftonline.com/common/oauth2/v2.0/token I receive the error: AADSTS7000215: Invalid client secret is provided. I am sure that client_secret is correct and not expired. Also, I encoded the…
Getting the error "cannot establish a connection to the domain controller(is) associated to a forest named: contoso.com"
Hello, We reached our 10GB limit on our current ADConnect/SQL Express instance. We are working on moving the DB to a full SQL server. I stood up a new Entra connect server. While going through the wizard it gives me the error in the screenshot. The…
Unable to Authenticate Azure file share with on-premises active directory users.
I have enabled ADDS authentication for my storage account. I did this by setting up an on-premise Active Directory on one of my Azure VMs and providing Storage File Data SMB Share Elevated Contributor access to the file share. Now, I am able to mount the…
AZUREADSSOACC Key Rollover no longer works using Hybrid Identity Administrator creds
Hi, I use a PowerShell script in an Azure Hybrid Worker Runbook to automate the rollover of the Kerberos decryption key for the AZUREADSSOACC computer account. It uses a service account in Entra ID which is assigned the Hybrid Identity Administrator…
When I am creating a host pool using my AD as the directory there is a failure. Although when the host pool is created, session hosts are getting deployed after this.
I have a custom domain hosted in an Azure VM and synced with my Azure AD (Entra). Users are getting synced except my enterprise admin used to create the sync. The VNET is good and the DC is in the subnet for which I am selecting my Azure VDI host pool. Although…
Why does daemon app require user sign-in in API service principal?
I am following the code sample here: https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/tree/master/2-Call-OwnApi#register-the-client-app-daemon-console I am not using the sample code API, instead I have a simple test API. Both API…
No Mobile Phone Option for AAD B2C SignIn or SignUp
Hello, We currently encountered a situation in which a user didn't have a mobile phone to sign up to create an Entra ID account. The mobile phone is required to send them a verification code as our account sign up is password-less. Is it possible to have…
How to add social account signup button in the sign up screen?
I am using the Signup and Signin user flow in Azure AD B2C where I have configured Microsoft as the identity provider. On the Signin page the **Login with Microsoft** button is present. But if I head over to the signup page the button is not visible. …
Unable to Access Windows Server 2019 Datacenter Using Azure Active Directory User
I am facing an issue while attempting to access a Windows Server 2019 Datacenter instance using an Azure Active Directory (Azure AD) user. Despite configuring various settings on the server, I encounter an error stating "the username or password is…
How to distribute the app which is created on Entra.
How to distribute the application or what are the ways to distribute it between different organisations?
Can app registration limits also be removed on Azure B2C just like in Entra ID?
I found the following documentation about Entra ID. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/quickstart-app-registration-limits I would like to know if this documentation: Also apply for Azure B2C Can this custom…
Want to provision only users which are added/removed in the Groups (either security or Microsoft 365) to the provisioning application and not other users, can this be possible?
I want to provision only users who are added/removed in the Group (either security or Microsoft 365) using the "Provision Microsoft Entra ID Groups" with the scope filter based on the display name and don't want to provision other users on the…
Authorizing only properly tagged resources for Autopilot provisioning
Hello, I need to create a conditional access policy for Windows OS, that allows the Microsoft Intune Enrollment app if and only if the provisioning machine has been registered and provided with a specific tag (e.g.: COMP-HYBRID). To achieve this goal I…
Issue with .NET application when users try to sign in using MSAL. Authentication only works for user that created the application registration.
I am having issues with a .NET application when users try to sign in using MSAL. Authentication does seem to work with my account, which was the one that created the application registration. The error message a user gets when they try to sign in is…
Troubleshooting Synchronization Issues with mail and proxyAddresses Attributes in Microsoft Entra Connect
I have a problem synchronising the mail and proxyAddresses attributes from on-prem AD via Microsoft Entra Connect tool (Azure AD Connect) to Entra. The synchronisation is successful for all other attributes except for these two. All settings and logs are…
Mg Graph Sign-In logs showing data more than 30 days old
Hi folks, Hope you are doing well! I'm using a PowerShell script based on MG Graph module to get the last sign-in date of all users. PS script: Now as specified here Azure AD only stores Sign-ins data until 30 days in P2 license, but in the result of…
Cannot find list of IPs/Domains for Microsoft Entra Cloud Sync
Hello, Working on firewall rules for Microsoft Entra Cloud Sync from on-prem to cloud. When looking for Entra ports Microsoft provides a link to…
Unable to create tenant on Azure
I have an Azure using my Microsoft personal account. I have deleted the only one default tenant; I was planning to create a test tenant as a prerequisite to try Microsoft Power Apps for free using my MS personal account. Now errors raise on the Azure portal…
Cannot disable per user MFA
Hello, please, I need your help on this issue. We are experiencing difficulty in temporarily disabling per user MFA (Multifactor Authentication). On the Microsoft 365 admin center we have disabled Multifactor Authentication for all users. But when the…
How do I fix my orphaned Azure account?
Hello - My account is apparently orphaned. There is only one account in the tenant and I cannot use that account to do other than log into the portal. I no longer have access to the username/email, but I have added an additional email address that I do…