How to allow users to register for MFA from home without excluding them from location based conditional access policies
We have a requirement where in a small number of cases users (new starters or MFA issues) need to register for MFA from a remote location. We have a conditional access policy which restricts access to Azure cloud apps from outside the corporate office. We…
Problem with "exclude" user/target resource in conditional access policy
Hi, I have been trying to restrict 1 user to access only 1 app on Azure Entra ID, so I use the condition access policy under security tab. I have put the conditions as follows: user: userx@microsoft.com Target Resources: Include All cloud apps &…
How do I add an OIDC identity provider to my new Entra External Id (CIAM) tenant
I have a regular Entra tenant (described now as workforce ?). I now also have an external Id for customers tenant. In the past using B2C, I was able to create a custom policy that allowed a user to sign into b2c registered applications using a federated…
Multiple group Member details download from Azure
From the Azure portal I would like to perform the below job, how can I do that? Want to download all members of Group A, Group B, and Group C with group mapping. All member details with associated group, for example user1 is a member of 5 groups,…
Conditional access & Authentication Strength policy
Hi to all, I am struggling to set up a working authentication policy but I am hitting a wall all the time! First of all, we have an Entra P1 license and the tenant was registered before 2019. When I am using the per-user MFA setting, all works fine to enforce MFA…
Error when trying to set up Application ID URI for Double Key Encryption
I am trying to set up Double Key Encryption, following the steps in https://www.youtube.com/watch?v=vDWfHN_kygg. However, when trying to expose an API, I get the following error: Failed to update Application ID URI application property. Error detail:…
How to get Azure field in ServiceNow
I have done the SSO integration, but I need it without provisioning. How to get fields like city, title, department, mobilenumber in ServiceNow via SSO attributes and claims, is it possible to get field
Entra ID - Device registration - Require MFA
Hi There, I have conditional access policies for enforcing MFA during device registration with Entra Id. The policy is currently in report-only mode and during the monitoring phase, it didn't show up any user hits or impact. Keen to know what all can be…
'userRegistrationDetails' graph API not listing all users MFA details
I'd like to get customer's users who do not use MFA. I can do this using PowerShell but I didn't find a method property on graph API to get user's "strongauthenticationrequirements.state". I am using graph API …
We encountered an 'invalid_grant' error connecting to the identity provider. Please try again later
We have added federated login (Sign in with Google) to our application on top of Local Account Sign up. Local Account Sign up is working well and there are no issues, but with sign in with Google we are facing this error "We encountered an…
Restrict Microsoft Graph API permission
Hello, one of the applications in the tenant needs permissions to the Graph API AppRoleAssignment.ReadWrite.All with the Application type in order to automatically manage AppRoles assignment in the application. However, these permissions pose a high…
Assigning contributor role for subscription to new user (with company email address) fails
I want to add a new team member to my Microsoft Azure Sponsorship subscription as a Contributor. On portal.azure.com, I clicked on Subscriptions Selected the Microsoft Azure Sponsorship Clicked Access control (IAM) By clicking on View My Access,…
Automation of Azure AD B2C Configuration
Hello Everyone I have a project where I need to automate the Azure AD B2C configuration using Terraform. The main tasks involve registering applications and maintaining custom policies. Could you please help me get started and guide me on any available…
Microsoft Entra Id - Sign In event list
Hello Team, Do we have list of events which will return from this API? - https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http Thanks, Ravi P.
Failed to Activate Intune Admin role (Additional verification required)
Today when I was trying to activate Intune Administrator role, it asked me for Additional Verification. Once verification is done it still asks for Additional Verification and then it continues like a Loop and Intune Admin role is never activated. Issue…
Can't recover Global Admin in Entra Admin Center
Hi, I realized that my one and only user in the Entra Admin Center is not the Global Admin and I have only a 'Member' role. How can I gain back that Admin role or get it at all?
Microsoft Entra Id - Provisioning Log API
Hello Team, Provisioning logs contain only user provisioning or it also contains any other provisioning like group, resource etc. I could see only user provisioning logs even though, we had created group provisioning. Group provisioning logs come…
What is the best way to execute PowerShell graph command executed against Azure / Entra ID ?
What is the best way to execute the PowerShell graph command executed against Azure / Entra ID ? $date = (Get-Date -Format "yyyy-MM-dd") Get-MgRiskDetection -All -Filter "ActivityDateTime ge $date and RiskLevel eq 'high'" The report…
Can I put the value of instanceDurationInDays in minutes for the QA while creating access reviews using powershell?
I am able to create an Azure access review with Graph API 1.0 using PowerShell. Now, there is a property called instanceDurationInDays which should have an integer value. The access review will remain active for the number of days of the value of…
Error when creating sensitivity label using multiple infotypes
While attempting to create a sensitivity label using a large number of sensitive info types, we received an error that said: "The generated rule blob is too long. The maximum length is 49152 and the length of the rule blob is 86516." How can…