Is a P1/P2 Entra ID license per user or per tenant?
I am reading various articles about Microsoft cloud security features. Many of them list having an Entra ID P1 / P2 license as a prerequisite. But I am unclear on exactly what that means. On the Azure portal, the "All Services > Licenses"…
Could I hide "Choose an account to continue to b2clogin.com" in Azure B2C with Google sign-in?
Hi! I am working on a project with Azure B2C where we are using Google as Identity Provider. The client tells us that they want to hide (or change) the URL (b2clogin.com) that appears when you are going to sign up with Google: After an in-depth look in the Google…
Azure B2C for a Blazor WASM randomly stopped working?
Hey all, sorry to be a burden, but I am running out of options for this, so I thought I would ask. Over the Easter break I taught myself how to implement Azure B2C in a Blazor WASM + API environment for SPA (using .NET 7). I followed this tutorial for the…
SAML SSO certificate issue with Freshservice
The current SSO certificate is to expire soon; create a new SAML SSO certificate, download base64 cer, paste the details in the Freshservice security cert field, save, and then activate the new certificate in Azure... then SSO in new web browser, not…
Derivation of AuthnInstant attribute value
I am using Microsoft Entra ID as IDP for my web app for SAML SSO. When I navigate to my application in Chrome the AuthnInstant is from 2 days ago; however, for the same URL in Chrome incognito mode the AuthnInstant is the current date-time, and for Firefox it…
What are Microsoft security recommendations for Microsoft Entra
Hello, we are setting up a Microsoft Enterprise tenant; what basic recommendations can we make to make it more secure? As we know, we would like to implement MFA, CA, PIM, audit log; anything apart from this, especially from the IAM side of security? Thanks, Richa
How to BULK GROUPS to a User
Hello, As part of our onboarding process we are required to create user accounts in Microsoft admin center. Once created, we need to add this user to multiple different groups. The process to do this in the admin center is incredibly frustrating and is…
Lost Global Admin Access to Tenant because of lost authenticator
Hi, I have lost Global Admin Access to my tenant because of MFA. I do have my phone number registered in the SSPR (so I can reset my GA password) but not in MFA, so when I lost my authenticator I cannot log into the Azure Portal using my Global Admin…
Get-MgDirectoryOnPremiseSynchronization : Insufficient privileges to complete the operation as the Global Administrator?
What are the additional required permissions on top of the Global Administrator to execute the below read only command? Connect-MgGraph -Scopes OnPremDirectorySynchronization.ReadWrite.All Get-MgDirectoryOnPremiseSynchronization The error I am…
Require app protection policy and Blocking Legacy Authentication
Hello, It is a little bit unclear the scenario of the policy deployment. In one of the articles, the recommendation is to Block the Legacy…
Intune Devices showing as 'not active' in compliance settings regardless of clicking 'sync'
We have a hybrid setup, with Intune MDM. I just pulled a report for all non-compliant devices and wanted to make sure that they were set to compliant. We have a user with a non-hybrid device, but Intune-enrolled. Intune is saying it is 'inactive' even…
Cannot get Intune to remove users as Administrators
Hello, we are transitioning from AD to Azure AD (not Autopilot) and registering our devices with Azure AD, and installing Intune from the Microsoft Store on the endpoints afterwards, set to auto enrolment. We noticed that when we join the device to…
How to connect to Azure Storage account via OAuth2.0 from Azure APIM?
Step 1: Created an application in Microsoft Entra ID under "App registrations". Step 2: Recorded the following details: Client ID, Client secret, Access token URL. Step 3: For the Storage Account, added a role assignment and granted access to the…
Config & Debugging - Entra + On-Prem SQL Server
I have the following configuration and I'm wondering what the best way to configure and develop the code is. I have an Azure App Service App that needs to connect to two different SQL Servers. Azure SQL Server (12.0.2000.8) SQL Server…
AADSTS51004 problem on Azure with Google federation
I have integrated Microsoft Office 365 App in Google Suite following the instructions. One domain works fine with SSO and user sync. On the second domain it is not possible to log on: AADSTS51004: The user account user@my2nd.de does not exist in the xxxxxxxx …
Configure federation between Google Workspace and Microsoft Entra ID error AADSTS51004
Hello, After following the steps of this guide https://learn.microsoft.com/en-us/education/windows/configure-aad-google-trust I'm testing the login. I am getting the redirect to Google when I try to sign in, but after that I get this error: Request Id:…
AuthorizationPermissionMismatch error when accessing blob file with indirect permission in RBAC
Hi, I'm using BlobContainerClient for accessing blobs from code (C#) private async Task<BlobClient> GetBlobClientAsync(string blobName, string container, CancellationToken cancellationToken) { var containerClient = await…
problem enabling SSPR in AD Connect Server
Hello; when I try to enable password reset in the AD Connect server, in the "Configure" last step or "Configuration complete" screen, it shows this message: "Unable to configure password writeback. Please consult the event log…
Authorization error from deploying management group to tenant using az cli with owner/contributor role.
Below is the error I got trying to deploy a new management group. I have contributor role on my service principal. {"code": "AuthorizationFailed", "message": "The client '' with object id '' does not have…
Release date for Microsoft Entra custom claims provider
Hi, Was just wondering when custom claims provider, which is currently in preview, was intended to be released? https://learn.microsoft.com/en-us/entra/identity-platform/custom-claims-provider-overview Thanks, Tim