NPS Extension for Azure MFA failing to generate MFA prompt
Hi, I am trying to set up a new NPS server with the NPS Extension for Azure MFA to control access to an RDS server on-prem. Authentication works fine when not using the NPS Extension. With the NPS Extension enabled, the user does not receive an MFA…
How to Authenticate Scan to email mailbox
Our organization is trying to have all mailboxes set up with MFA. The issue is that we have scan-to-email function set up through a UserMailbox, so if we convert this to a SharedMailbox, users will no longer be able to use it for Scan to Email function.…
Joining a VM to Microsoft Entra ID Tenant
Hello everyone, I recently set up an Entra ID tenant, which currently uses the default .onmicrosoft.com primary domain. For the purpose of this discussion, let’s refer to it as XYZ.onmicrosoft.com. Now, I’d like to join a virtual machine (VM) to this…
How do we find the orphaned managed identities which are not assigned to any azure service
From a list of managed identities present in azure subscription for my account, how can I identify the managed identities which are created but do not have any roles or resources attached to them. I want to find the list of all the managed identities…
Cannot access Intune and Entra ID portals on iOS device using Edge
Hello, I'm a global admin of my tenant, but I can't seem to access Intune and Entra ID portals using the Edge browser on my iOS device. I haven't encountered any policy or conditional access that could prevent me from accessing these portals. I've…
Why is EAC and On-Prem AD showing different information?
Hi All, We have an issue whereby a user's contact information, specifically their mobile number and job title isn't syncing properly between On-Prem AD as well as Exchange Admin Centre. We have removed the user's personal mobile number from AD and…
Correct way to convert 365 tenant from AAD Connect Sync to cloud-only
Hi, about a year ago, one of my customers has enabled AAD Connect Sync to synchronize all users, security groups from their existing on-premise Active Directory to a freshly setup Microsoft 365 tenant. This past year all applications and services have…
if you split security into tiers as per RBAC and the same human person needs multiple accounts does each account consume an azure licence
Microsoft recommends splitting on prem and hybrid assets into tiered access T0 T1 and T2 to facilitate RBAC (role based access control). The principle being that t0 logons are never mixed with t1 logons to minimise any breach. If, therefore, an admin…
I have asp.net mvc 5 integrated with Azure Single SignOn but I'm facing an error reply url AADSTS500112 error
{"error":"invalid_client","error_description":"AADSTS500112: The reply address 'http://test.edunet.bh/account/testredirect' does not match the reply address 'https://test.edunet.bh/account/testredirect' provided when…
My Sign-Ins: Can't remove old (or compromised) MFA method
So, being new to the Azure world, I tinkered around a bit with MFA, and it struck me that it seems that I can't delete a previously added authenticator-app (there are now two registered). https://mysignins.microsoft.com/security-info What if, for…
Azure and Entra ID
Error Entra ID { "sessionId": "cbb209cb23dc4317b80b952cea59fa49", "errors": [ { "errorMessage": "interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity…
Using Cloud sync with an Exchange Hybrid environment, changes after writeback are not visible.
According to the article about Exchange Writeback using cloud sync: "This scenario is now supported in cloud sync. Cloud sync detects the Exchange on-premises schema attributes and then "writes back" the exchange on-line attributes to…
WHfB "I forgot my PIN" logon option not functional
Hey guys, Just deployed WHfB and have it working well. One thing I noticed is when a user clicks the I forgot my PIN link, nothing happens. Nothing happens after logon as well. Any idea what's going on with this? If it's presented to the end-user, I'd…
Azure Provisioning Log: Understanding "TargetObjectActionDisabled"
Hi there, I'm trying to find out what following SkipReason means. TargetObjectActionDisabled The log entry is as follows: Result: Skipped Description: User 'xxx' will be skipped. Skip Reason: The Add operation was not performed because the Add…
How do you use a conditional access policy to block end users access to Admin Portals while allowing end users to download office from portal.office.com?
Hi wonderful people With portal.office.com now classed as an Admin Portal: From support How do you use a conditional access policy to block end users access to Admin Portals while allowing end users to download office from portal.office.com? …
Azure B2C - custom policy ROPC - Set grant_type, scope and client_id as default
I could make a ROPC call to get access token with username, password, grant_type, scope and client_id as parameters. Is it possible to configure default parameters for grant_type, scope, and client_id in XML when making an ROPC call to obtain an access…
I can log into MS Azure Portal using my Office365 account but cannot view my home tenant
I have Office 365 account with active subscription. I can log in to MS Azure Portal using my Office 365 account. When I click View on 'Manage Microsoft Entra ID', I get the following error: { "sessionId":…
Automatically Provision Azure DevOps Licenses Based on Entra ID Group Membership
I am working with Microsoft Entra ID and Azure DevOps, and I am exploring the possibility of automatically provisioning Azure DevOps licenses to users based on their Entra ID group membership. The Azure DevOps organization is connected with Microsoft…
How to migrate all Entra users from static access to PIM?
I want to implement PIM for all users who are assigned Entra AD roles as permanent assignments. Now I need to implement PIM so that these active role assignments can be converted to PIM eligible. How can I do that? Is there any auto or APIs available for…
Identity Protection-Risky Users error when attempting to dismiss user
Hello, I have a user in my Identity Protection>Risky Users that has been there for several months. This user was deleted a long time ago, and therefore I do not understand why this user is in the Risky user section? When I try to dismiss the user,…