Seamless SSO testing
I would like to know if we can test the AD/Entra ID Connect seamless SSO on one Windows machine without GPO policy. If so, how?
User provisioning NotEffectivelyEntitled
Hi, When using SAP SuccessFactors to Active Directory User Provisioning service, the default SkipOutOfScopeDeletions is set FALSE. Because we had some problems with getting the most recent employment information, encouraged by Microsoft…
Entra ID authentication Methods enable only FIDO and Authenticator, however, Global Admin continue seeing Phone and email
Hello team, I did the migration for authentication methods to only use Entra ID authentication methods. However, Global admin continues seeing Phone and email as an option for the verification method. For a regular user, this is correct, it only shows…
How to block connections with cached access tokens, when the user's IP changes
We have a conditional access policy set up to block Entra/EOL logins from location-based IP addresses. This is working as expected. What we are seeing is, the attacker will get a US based IP, steal a login session token, then their IP will change to a…
Microsoft Entra External ID no wizard for external guests
Hello, I am setting up Entra External ID with an external tenant. Self-sign up is disabled, but invitation through the application is enabled. When someone comes from an identity provider such as Microsoft Entra ID, I want to enforce MFA (Multi-Factor…
How to configure multiple group based filtering in Azure AD connect sync
I have configured Azure AD connect sync using group based filtering so only member of a group Azure-Sync are synchronized to AAD. However, there is biz demand that we should add one more group for filtering group name is Azure-Sync-IT. Member of either…
What is the best way to execute PowerShell graph command executed against Azure / Entra ID ?
What is the best way to execute the PowerShell graph command executed against Azure / Entra ID ? $date = (Get-Date -Format "yyyy-MM-dd"); Get-MgRiskDetection -All -Filter "ActivityDateTime ge $date and RiskLevel eq 'high'" The report…
Connect to AAD using automation account Runbook
I'm trying to connect to AAD and get Azure application details using a runbook and managed identity on an automation account, but I'm receiving the below error: Connect-AzureAD: Line | 23 | Connect-AzureAD -AccountId $azureContext.account.id -TenantId…
Can't create Quick Access configuration - Global Secure Access
When creating Quick Access configuration in Quick Access | Create Quick Access configuration I get: Network access settings Application operation failed. no further information is provided in the error. I do have a connector set up correctly and on in…
Entra ID - Device registration - Require MFA
Hi there, I have conditional access policies for enforcing MFA during device registration with Entra ID. The policy is currently in report-only mode and during the monitoring phase, it didn't show up any user hits or impact. Keen to know what all can be…
Why has my long running 90 day inactive Guest Access Review suddenly started using non-interactive sign-in instead of interactive sign-in timestamps?
Hello, I have been running the above mentioned access review for probably 2 years without major issues. Recently it seems that the reviews have switched to looking at non-interactive sign-ins as well as interactive sign-ins. There are really two issues…
Office365 Commercial to GCC High B2B issues
Hello, I will spare the long paragraphs and go straight to bullet points. One Company, 2 O365 Tenants (Commercial & GCC High) Commercial tenant is configured and running for a long time, GCC High is new and was recently stood up.) Created B2B…
Conditional access & Authentication Strength policy
Hi to all, I am struggling to set up a working authentication policy but I am hitting a wall all the time! First of all we have an Entra P1 license and the tenant is registered before 2019. When I am using per user MFA setting all works fine to enforce MFA…
Azure workbook that identifies SPNs that are missing owners
Hi Team, How to create a workbook that identifies owners missing in a SPN
Using main Azure Active Directory login for separate Azure AD B2C login via API Management Portal
My company has a main Azure Active Directory of our in-company users as well as a directory for Azure AD B2C for outside users. My API Management service as of right now only accepts logins via Azure AD B2C. I was wondering if it would be possible for…
How to add OpenID connect identity provider to Microsoft Entra External ID? I see only SAML/WS-Fed option.
Looks like there should be an OpenID connection option. How can I add Entra ID multitenant provider here?
How to delegate permissions to Service desk team for managing MFA in Azure Active Directory
How to delegate permissions to Service desk team for managing MFA in Azure Active Directory. Just MFA reset (revoke and re-register) rights. Please suggest
Microsoft authenticator app not sending code
I am trying to log in to Azure DevOps, however when I do I get a prompt to input a code into my Microsoft Authenticator App. When I go on the app though nothing comes up to input the code. There are also no other ways to sign in except using the app, the…
Keep popup “More information required” for every sign in on 365 Admin Center
After security defaults was enabled on 365 Admin Center, registered MFA with MS Authenticator and phone / email address for administrator sign in. It keeps popping up with “More information required” for every sign in now. Then disabled security defaults on…
How to create a Teams meeting for all to join with their personal accounts?
In a personal Teams meeting, the login option isn't displayed. However, personal accounts face restrictions when attempting to join business Teams meetings via browser or desktop. Is there a workaround? Can the Graph API facilitate this process? And can…