Conditional Access policy to require one of two MFA options?
We have Duo MFA configured and in use in our org. Duo works just fine as an MFA provider for Azure AD auth. We've been told by MS that a CA rule can be set to require Duo or MS MFA during auth. Has anyone actually tested this out and can describe the…
unable to reset password 'due temporary issues'
When I try to reset the password for users in my domain, I am getting this error: "we're sorry, we're not able to reset this user's password right now. this may be due to temporary issues on our end. please wait a few minutes and try again" kindly…
Microsoft Authenticator application for Windows 10 OS
Hello, Does anyone know if a Windows 10 version of the Microsoft Authenticator application is available? Currently, the app is only for iOS and Android platforms. Thank you
We have P2P certs on our clients and servers that seem to have been deployed via Azure without us intentionally doing anything? Causing SCOM alerts because issuer not trusted!
Use case seems to be limited to RDP in same tenant between devices. BUT cert in the AAD Token Issuer folder MS-Organization-P2P-Access [2021] used for issue certs locally not trusted by ROOT CA causing SCOM ALERTS! What is the correct way to solve this?…
You are not eligible for an Azure Free Trial Subscription
I tried with an old and 2 new Microsoft accounts to register and try out Azure free trial, but always get the message "You are not eligible for an Azure Free Trial subscription", all the information was not used before on azure free trial…
search graph query not able to recogniz
Even though the Az resource graph module is already there, it is giving the error below: 'Search-AzGraph' is not recognized as an internal or external command
How to skip OrchestrationStep related to MFA (ClaimsExchange) if login prompt was not displayed
Hello Team, We have a CombinedSignInAndSignup step which shows a login prompt if the session is not active, and this is followed by a ClaimsExchange which does phone (SMS or call) authentication. In case of an active session (either 'Keep me signed in'…
How to skip OrchestrationStep related to MFA (ClaimsExchange) if current session is already active
We have a CombinedSignInAndSignup step that displays a login prompt if the session is not active. This step is followed by a ClaimsExchange, which handles phone SMS or call authentication. When there is an active session (whether ‘Keep me signed in’ is…
Authentication Issues using AAD Kerberos for Azure file shares
I have run and re-run through the prerequisites. "The Azure AD Kerberos functionality for hybrid identities is only available on the following operating systems: Windows 11 Enterprise single or multi-session. Windows 10 Enterprise single…
Issue with authenticating API management with Azure OpenAI services using managed identity
Hello, We are trying to connect API management services with one or multiple model deployments on Azure OpenAI services. Basically we are trying to do some version of what is shown in this repo (and this blog post). Following the instructions, we have…
How to remove a 'dangling' Access Control (IAM) assignment for User Access Administrator?
A User profile was set as User Access Administrator, the mistake was recognized, and the User profile was deleted... However, after the deletion, there is a 'dangling' Access Control (IAM) entry indicating ("Identity not found") which makes…
Use Okta MFA claim with Security Defaults (not Microsoft Authenticator)
We have multiple tenants, one of which is licensed and is configured to provision users from Okta. Our other tenants are free-tier and have Security Defaults enabled to enforce MFA. We invite employees at their Okta user email to become B2B Collaboration…
JWT ID token using different jwks uri which has appid parameter
JWT ID token generated in this Azure AD Application is using keys from "jwks_uri": "https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id}" rather than using the keys from this link…
Request Entra ID Access
Hello, We recently took over a legacy application from a customer that uses MS Entra ID (formerly Azure AD) to manage their RBAC. The previous company had access to it, and now we also need access to the Entra ID. The admin from our client mentioned that…
AD B2C: Where is Documentation for `{service:te}` In a Custom Policy Technical Profile?
There are several examples throughout the AD B2C documentation that utilize {service:te} as the value for the client_id. The following example was taken from here. <TechnicalProfile Id="JwtIssuer"> <DisplayName>JWT…
How is the scope of the permission defined? GroupMember.ReadWrite.All
GroupMember.ReadWrite.All The application permission is defined as: Allows the app to list groups, read basic properties, read and update the membership of the groups this app has access to without a signed-in user. Group properties and owners cannot be…
Users suddenly got incapable of MFA
Users suddenly got incapable of MFA. All sign in methods got removed
Microsoft 365 is "requiring" set up authenticator app as verification method. No other option other than app on a phone. How do I choose SMS or Voice as my only options?
I have made several changes but it appears all new users only have the option to get the authenticator app. I have disabled the Microsoft managed options. I have disabled the registration campaign. Under authentication methods I have checked microsoft…
No Apps available on Company Portal
Hi there, I successfully deployed the Company Portal app to a macOS device. However, when I navigate to apps, it says no apps are assigned to this device. How can I assign apps to users using Company Portal? Any help will be much appreciated.
Passkeys for Android devices
Hello, Referring to this article: https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-mobile?tabs=Android What's the difference between "Passkey" and "Passkey in Microsoft Authenticator" as…