Please can someone help me explain tokens in Azure AD SSO / SAML??
First of all, please excuse my ignorance. I am somewhat new to the world of SAML and Azure AD SSO and can just barely get this stuff to work with Azure AD SSO for cloud apps. I would like someone to help me explain how I could change lifetime tokens…
Can you enable biometrics fingerprint with mobile apps use Azure AD?
Just a random question really. The Workday mobile app supports PIN and BIOMETRICS and you can enable it in the Workday tenant. Now we use Azure AD SSO when we authenticate to Workday. My question is if a mobile app supports PIN and BIOMETRICS and uses Azure AD SSO…
Sign in custom policy appears to have no headers and footers as well as no field hints
Hi, I created a default Sign in policy in my tenant but when I run the policy, it appears to have no headings and no text field hints as they appear in default Sign in Sign up policy. Did something go wrong on policy configuration? Or do I…
Location of Azure AD Connect
Azure AD Connect was set up by an outside vendor who did not document what local server was being used to connect to it. The version installed is now old, and I would like to upgrade it to be current. However, I am unable to find it. I looked in the…
App registrations (legacy) no longer available after March 1, 2020
Hi there! I've noticed that Azure AD App Registrations Legacy will be EOL after March 1, 2020. I have also noticed that in the current version URLs including a # symbol are no longer allowed. We are using App Registrations created with the legacy…
Installing ADDS and DNS offline
Hello, Seemingly recently when installing ADDS and DNS in an offline fashion, DNS does not seem to get set up correctly. The _msdcs.my.domain forward lookup zone is not being populated at all with the needed SRV records and thus no other computers or…
Schema extensions
Folks, I have a couple of questions about AADDS: Does Azure Active Directory Domain Services (AADDS) support custom schema extensions? Would you describe AADDS as a globally shared AD Forest with a managed domain for my org? Lisa
Cannot grant organization consent for my application
Hello, I am developing an application that requires organizational consent. Prior to a few days ago, the consent flow was working but my app was configured to accept consent from my tenant only. Now, I want to roll out this product to other…
Managing Authentication for APIs deployed in multiple region and Protected By Azure AD.
Scenario: Registered a Web API in Azure AD to protect it and deployed the code in US region on web app named 'usapi' and having URI as 'usapi.azurewebsites.net'. With this registration, Azure AD will provide a Client Id which will be used to get…
How to use conditional access with a (very) slow internet connection?
Hi all, I am currently encountering a situation where we are rolling out conditional access. This is going well, but we have one group of users that have very slow (satellite) internet. The internet is so slow that users tend to miss the expiration…
Angular App for 2 Purpose
I need to use Angular App to get: access token to work with web api; access token to work with graph.api from web api. Can I use the same Access Token with a Single App Reg?
Adding guests to group error
As the bulk guest invite function is currently disabled, I am having to add new guests individually. However, I can't add them to a group at either the invite stage or afterwards within the group membership preview pages, as I just repeatedly get the same…
Download Azure AD Powershell Module v 8362.1
I am looking to obtain a downloadable version of Azure AD PowerShell Module v8362.1. I found this site that lists all the historical versions and links to their downloads but all links that I can find are dead links. …
Unauthorized Error on calling Web API from Native Client
I am using the Todo List sample of Web API & WPF. Registered the Client App & API App in Azure. Login is successful. But Service Call is failing with Unauthorized.
Avoid switching to Enforced after enrolling
Hello, we are starting to use MFA in our company, but we do not want to use Enforced method, only the Enabled. I understand that after the registration users switch to Enforced, but how can I avoid that? Even if I register the phone for them before…
Integrate web app with VM over internal vnet?
Hi, Issue: I want to place a web service from a VM behind an Azure AD sign on portal. Attempted solution: Set up a simple Nginx proxy with Web app for container and let this proxy redirect to VM through Vnet integration. From azure web app service…
Device Administrator Role not populating on older devices.
I have come across an issue with adding the device administrator role to our team: any device that was joined before that role was added does not seem to elevate their permissions. Any device that was joined after they have been added works as intended. I…
Lack of device info causing Conditional Access rule bypass
Some of our Windows mobile devices are quite old and can't install the current version of Outlook application so rely on ActiveSync and native mail apps. Whilst we update these we created a conditional access rule that blocks ActiveSync on Android and…
Fails to map to Azure file drive when computer is Azure AD joined
I have a problem to map to Azure file drive when my computer is Azure AD joined but not joined to domain. It prompted for my Windows Hello PIN and after entered, it will get below message. I have already done the steps mentioned at below link but still…
Got error "no account or login hint was passed to the acquiretokensilent call" in the second visit
Hi, I got the error "no account or login hint was passed to the acquiretokensilent call" when I visit my page in the second time. This error occurs in the call GetAccessTokenOnBehalfOfUserAsync(scope). The first time is fine. If I clear the…