Graph API for managed devices list is not working
I have an application which queries deviceManagement/managedDevices API to fetch all the devices. I have given all the right permission as mentioned in the documentation. I am able to fetch access Token but when I used this access token to do a GET, I…
Unable to install service account (gMSA) after Provisioning Agent installation.
Hello, After installing AADConnectProvisioningAgentSetup.exe I am unable to finish the configuration. gMSA is created in our AD but it still says it fails; Error while creating group managed service account (gMSA). Error: Unable to install service…
Transitioning from SQL Database to Custom Attributes for Azure Blob Storage User Access in B2C User Flow
I have an API that allows B2C users to upload/download files from Azure Blob Storage containers. Currently, I use an SPA with an Azure Function that sends the upload or download request to the Azure Blob Storage container that the user has access to…
Prevent constant MFA requests for hybrid workforce
Hello, Most of our users are hybrid, working remotely via VPN and locally in office. Regardless of our 30-day MFA policy, our users are prompted for MFA every few days if they move locations between working at home and at the office. We are a non-profit…
Microsoft Learn Profile Mismatch Issues
Hi Team, I was previously using my Microsoft Hotmail account: maheswari.raja@hotmail.com for writing Microsoft Certification Exams. Now, while registering for the below Microsoft Exam, I used my Accenture email id : maheswari.raja@accenture.com I would…
Enterprise applications: Microsoft Graph Command Line tools, How to restrict connection to Microsoft Graph and grant access to specific users
Hello team, I am trying to grant access to specific users to Microsoft Graph. the objective is to block public access in our tenant to Microsoft Graph. I tried using conditional access, however, in the apps to select, it doesn't show Microsoft…
Microsoft Teams integration automation
I want to add Microsoft Teams integration to my web app to create meeting links. I was able to do this by manually registering the application in the Microsoft Entra admin center and setting up keys and permissions. I'm looking for a way to simplify this…
GET /users throws InternalServerError with 200 status code and POST /users UnknownError with 405 status code
GET v1.0/users?$select=id,delet... throws…
Authenticator App - can't remove greyed out account
Hello all, I'm stuck in a strange loop using the MS Authenticator App. I'm one of the admins at my school and I've registered my phone via https://account.activedirectory.windowsazure.com/securityInfo using the MS Authenticator App. I wanted to…
How to authenticate two azure app services that has vue.js and nest.js deployed on them individually
We have two app services that hosts a vue.js front-end and a nest.js backend. The issue is that we want the nest.js backend to be secure with entraID and we did implement that, however, when the API is called, it asks the user to be logged in through…
Can you have two Entra IDs for two separate domains and a single tenant
We have a client that owns 2-3 domains under a single tenant. The parent company (companyA .com) and the child company (companyB.com) want to separate their Azure AD so companyB.com can be independent. They have 150 users in total all Azure AD joined. …
Exclude Windows Hello for Business for SSO of Global Protect
Dear PPL, I have implemented Entra ID SSO and SAML for our organization VPN Portal login. Now some ppl complaining that Windows Hello for Business they set up on their devices somehow allow them to connect GP VPN without giving MFA.... I was wondering…
Wrong SAML Claims for AppRoles
Hello, I am configuring the SAML claims for Enterprise Application in Azure. For the moment I have configured them like that: and I have tested connection to target app. Everything is fine and app can read custom_roles. Unfortunately additionally to…
How to restrict user access to a specific device
Is there a way to allow a specific user just to login on a given device ? Any other login tries should be blocked.
Azure AD Connect service fail to start after ASR
Hello, I've recently added our Azure AD Connect server to Azure Sit Recovery. It was fully replicated recently, and I just completed a test failover in an isolated environment. For a few reasons it is not acceptable to allow this failover test version…
How can I seamlessly change an App Registrations "Application ID URI" domain?
I have a published teams app which includes tabs. The tabs point at Domain A to authenticate the user using "microsoftTeams.authentication.authenticate" and "microsoftTeams.authentication.getAuthToken()". The teams manifest.json…
Windows Active Directory setup in Azure
Hi, I plan to setup a Windows Active Directory (AD) using VMs (1 for PDC and 1 for BDC) in the Azure cloud environment and it should sync the AD in the on-prem via the established site-to-site IPsec VPN link. What are the pros and cons? Which is better…
Azure AD B2C - List user accounts deleted and updated
We are using Azure AD B2C for all of our customer accounts. We want to identify the following for the last 5 days. Which user accounts were deleted. Which user accounts were updated. Questions Is there a graph API that will return the above…
I want to leave an organization that I can't login into anymore
I have 2 organizations / tenants attached to my MS work account, but I want to leave one of them. Unfortunately when I try to leave it from my Account I need to login some other account that I no longer can access. How can I leave this tenant?
Entra on-premise password protection, without deploying Azure, hybrid environment
We have an on prem AD, with one way AD sync to M365 on E3 level. We are looking for clarification to the following question, want to know if it is possible to deploy Entra on-premise password protection, without deploying Azure/Entra AD?