I can't create a Microsoft Entra ID tenant
I can't create a Microsoft Entra ID tenant following the instructions here: https://learn.microsoft.com/en-us/training/modules/allow-users-reset-their-password/3-implement-azure-ad-self-service-password-reset I don't see the same pages or options for…
Connect-OrganizationAddInService using Entra ServicePrincipal ID
I am trying to find if someone has successfully done this, basically automatize the deployment of an Add-in to Office 365 Client Secret: "1111111111111111111" (This is a secret that should be protected and not shown, I am having a look how to…
How do I activate a free Entra ID P2 on my trial subscription
I am trying to go through the instructions here: https://learn.microsoft.com/en-us/training/modules/allow-users-reset-their-password/4-exercise-set-up-self-service-password-reset Go to Microsoft Entra ID > Password reset. Select Get a free Premium…
Missing XboxLive.signin and XboxLive.offline_access scopes
Hello, I am trying to setup a registered app in Azure Active Directory for a web application to authenticate with using OIDC. However, the two scopes I am looking for, XboxLive.signin and XboxLive.offline_access, seem to be missing? Whenever I do request…
Graph API for managed devices list is not working
I have an application which queries deviceManagement/managedDevices API to fetch all the devices. I have given all the right permission as mentioned in the documentation. I am able to fetch access Token but when I used this access token to do a GET, I…
Unable to install service account (gMSA) after Provisioning Agent installation.
Hello, After installing AADConnectProvisioningAgentSetup.exe I am unable to finish the configuration. gMSA is created in our AD but it still says it fails; Error while creating group managed service account (gMSA). Error: Unable to install service…
Prevent constant MFA requests for hybrid workforce
Hello, Most of our users are hybrid, working remotely via VPN and locally in office. Regardless of our 30-day MFA policy, our users are prompted for MFA every few days if they move locations between working at home and at the office. We are a non-profit…
Microsoft Learn Profile Mismatch Issues
Hi Team, I was previously using my Microsoft Hotmail account: maheswari.raja@hotmail.com for writing Microsoft Certification Exams. Now, while registering for the below Microsoft Exam, I used my Accenture email id : maheswari.raja@accenture.com I would…
Enterprise applications: Microsoft Graph Command Line tools, How to restrict connection to Microsoft Graph and grant access to specific users
Hello team, I am trying to grant access to specific users to Microsoft Graph. the objective is to block public access in our tenant to Microsoft Graph. I tried using conditional access, however, in the apps to select, it doesn't show Microsoft…
Microsoft Teams integration automation
I want to add Microsoft Teams integration to my web app to create meeting links. I was able to do this by manually registering the application in the Microsoft Entra admin center and setting up keys and permissions. I'm looking for a way to simplify this…
GET /users throws InternalServerError with 200 status code and POST /users UnknownError with 405 status code
GET v1.0/users?$select=id,delet... throws…
Authenticator App - can't remove greyed out account
Hello all, I'm stuck in a strange loop using the MS Authenticator App. I'm one of the admins at my school and I've registered my phone via https://account.activedirectory.windowsazure.com/securityInfo using the MS Authenticator App. I wanted to…
How to authenticate two azure app services that has vue.js and nest.js deployed on them individually
We have two app services that hosts a vue.js front-end and a nest.js backend. The issue is that we want the nest.js backend to be secure with entraID and we did implement that, however, when the API is called, it asks the user to be logged in through…
Can you have two Entra IDs for two separate domains and a single tenant
We have a client that owns 2-3 domains under a single tenant. The parent company (companyA .com) and the child company (companyB.com) want to separate their Azure AD so companyB.com can be independent. They have 150 users in total all Azure AD joined. …
Exclude Windows Hello for Business for SSO of Global Protect
Dear PPL, I have implemented Entra ID SSO and SAML for our organization VPN Portal login. Now some ppl complaining that Windows Hello for Business they set up on their devices somehow allow them to connect GP VPN without giving MFA.... I was wondering…
Wrong SAML Claims for AppRoles
Hello, I am configuring the SAML claims for Enterprise Application in Azure. For the moment I have configured them like that: and I have tested connection to target app. Everything is fine and app can read custom_roles. Unfortunately additionally to…
How to restrict user access to a specific device
Is there a way to allow a specific user just to login on a given device ? Any other login tries should be blocked.
How can I seamlessly change an App Registrations "Application ID URI" domain?
I have a published teams app which includes tabs. The tabs point at Domain A to authenticate the user using "microsoftTeams.authentication.authenticate" and "microsoftTeams.authentication.getAuthToken()". The teams manifest.json…
Windows Active Directory setup in Azure
Hi, I plan to setup a Windows Active Directory (AD) using VMs (1 for PDC and 1 for BDC) in the Azure cloud environment and it should sync the AD in the on-prem via the established site-to-site IPsec VPN link. What are the pros and cons? Which is better…
I want to leave an organization that I can't login into anymore
I have 2 organizations / tenants attached to my MS work account, but I want to leave one of them. Unfortunately when I try to leave it from my Account I need to login some other account that I no longer can access. How can I leave this tenant?