Can you have two Entra IDs for two separate domains and a single tenant
We have a client that owns 2-3 domains under a single tenant. The parent company (companyA .com) and the child company (companyB.com) want to separate their Azure AD so companyB.com can be independent. They have 150 users in total all Azure AD joined. …
Exclude Windows Hello for Business for SSO of Global Protect
Dear PPL, I have implemented Entra ID SSO and SAML for our organization VPN Portal login. Now some ppl complaining that Windows Hello for Business they set up on their devices somehow allow them to connect GP VPN without giving MFA.... I was wondering…
Wrong SAML Claims for AppRoles
Hello, I am configuring the SAML claims for Enterprise Application in Azure. For the moment I have configured them like that: and I have tested connection to target app. Everything is fine and app can read custom_roles. Unfortunately additionally to…
How to restrict user access to a specific device
Is there a way to allow a specific user just to login on a given device ? Any other login tries should be blocked.
Azure AD Connect service fail to start after ASR
Hello, I've recently added our Azure AD Connect server to Azure Sit Recovery. It was fully replicated recently, and I just completed a test failover in an isolated environment. For a few reasons it is not acceptable to allow this failover test version…
How can I seamlessly change an App Registrations "Application ID URI" domain?
I have a published teams app which includes tabs. The tabs point at Domain A to authenticate the user using "microsoftTeams.authentication.authenticate" and "microsoftTeams.authentication.getAuthToken()". The teams manifest.json…
Windows Active Directory setup in Azure
Hi, I plan to setup a Windows Active Directory (AD) using VMs (1 for PDC and 1 for BDC) in the Azure cloud environment and it should sync the AD in the on-prem via the established site-to-site IPsec VPN link. What are the pros and cons? Which is better…
Azure AD B2C - List user accounts deleted and updated
We are using Azure AD B2C for all of our customer accounts. We want to identify the following for the last 5 days. Which user accounts were deleted. Which user accounts were updated. Questions Is there a graph API that will return the above…
I want to leave an organization that I can't login into anymore
I have 2 organizations / tenants attached to my MS work account, but I want to leave one of them. Unfortunately when I try to leave it from my Account I need to login some other account that I no longer can access. How can I leave this tenant?
Enterprise applications: Microsoft Graph Command Line tools, How to restrict connection to Microsoft Graph and grant access to specific users
Hello team, I am trying to grant access to specific users to Microsoft Graph. the objective is to block public access in our tenant to Microsoft Graph. I tried using conditional access, however, in the apps to select, it doesn't show Microsoft…
Entra on-premise password protection, without deploying Azure, hybrid environment
We have an on prem AD, with one way AD sync to M365 on E3 level. We are looking for clarification to the following question, want to know if it is possible to deploy Entra on-premise password protection, without deploying Azure/Entra AD?
Exchange 2019 installation Failed hybrid environment
I have an on-prem exch 2016 hybrid (on server 2012 r2 standard). All mailboxes are on O365. I'm setting up a new exch 2019 (server 2019 standard) so I can then get rid of 2016. It gets stuck on Step 8/12 Mailbox service. The system mailboxes are all…
Can I set up a user in my Entra center that has access to other user's resources?
I am using microsoft graph to sync SF & outlook events and toDoTasks. However, app level permissions are not available for toDoTasks. I've managed to sync everything using delegated permissions when it comes to syncing these records from SF to…
NPS Extension for Azure MFA failing to generate MFA prompt
Hi I am trying to setup a new NPS server with the NPS Extension for Azure MFA to control access to an RDS server on-prem. Authentication works fine when not using the NPS Extension. With the NPS Extension enabled, the user does not receive an MFA…
Problem with Exchange Server 2016 Hybrid Configuration (Teams Rooms Mailbox)
Good day, After setting up Exchange Hybrid (Classic Mode), the O365 mailboxes are not displayed in onPrem Exchange. Mails cannot be sent from onPrem to O365 either. In O365, the onPrem mailboxes are visible and mails can also be sent from O365 to…
Sync Entra with Google Admin
Hello, I am now doing some configuration with sync from Entra to Google Admin, just facing with some issues that for ex. i have some custom attributes on Google side how i can add the same custom attributes to Entra user and also to include this in…
How to delete tenant "Default Directory"
I am trying to delete (or exit) my only Organization. after pressing "Delete": The problem is, I don't have any Licenses or Subscriptions. Also, I am the only one in the Organization. What do I do? Help
How to add custom claims to the Access Token using custom user Attributes.
Good afternoon MS team, I am writing you because I am looking for information on how to add custom claims when the application is generating JWT token, but I can't add them to the AccessToken, but I can see them in the IDToken, . Questions: Can I…
Entra ID access
Not able to access Entra ID . I am the owner of account and have active student subscription
What role will I have when I migrate a subscription to a new Tenant/Directory?
Hi All, Starting in September 2024 Classic Admins will be removed. I am wondering what is going to happen when I do a migration (directory change) of a subscription from one tenant to another. Usually the user who does the "Change Directory"…