How to skip OrchestrationStep related to MFA (ClaimsExchange) if login prompt was not displayed
Hello Team, We have CombinedSignInAndSignup step which shows login prompt if the session is not active and this is followed by ClaimsExchange which does phone (SMS or call) authentication. In case of an active session (either 'Keep me signed in'…
How to skip OrchestrationStep related to MFA (ClaimsExchange) if current session is already active
We have a CombinedSignInAndSignup step that displays a login prompt if the session is not active. This step is followed by a ClaimsExchange, which handles phone SMS or call authentication. When there is an active session (whether ‘Keep me signed in’ is…
Certification Profile not connecting to Certipoint or even created?
Hello, I have just passed my AZ-900, Azure Fundamentals Certification through Certipoint as per the course instructions. No matter what I do, I am unable to either create a Certification Profile to show off my newfound certification or find any way to…
Authentication Issues using AAD Kerberos for Azure file shares
I have run and re-run through the prerequisites. "The Azure AD Kerberos functionality for hybrid identities is only available on the following operating systems: Windows 11 Enterprise single or multi-session. Windows 10 Enterprise single…
Issue with authenticating API management with Azure OpenAI services using managed identity
Hello, We are trying to connect API management services with one or multiple model deployments on Azure OpenAI services. Basically we are trying to do some version of what is shown in this repo (and this blog post). Following the instructions, we have…
How to remove a 'dangling' Access Control (IAM) assignment for User Access Administrator?
A User profile was set as User Access Administrator, the mistake was recognized, and the User profile was deleted... However, after the deletion, there is a 'dangling' Access Control (IAM) entry indicating ("Identity not found") which makes…
How can I use Microsoft Entra-only authentication for my nextjs application using mssql and Azure SQL Database
I'm building a fullstack application using NextJs and Azure SQL database. The database is Microsoft Entra-only authentication. I'm using NPM packages mssql for querying the database and @azure/msal-browser and @azure/msal-react for single sign on. The…
Use Okta MFA claim with Security Defaults (not Microsoft Authenticator)
We have multiple tenants, one of which is licensed and is configured to provision users from Okta. Our other tenants are free-tier and have Security Defaults enabled to enforce MFA. We invite employees at their Okta user email to become B2B Collaboration…
JWT ID token using different jwks uri which has appid parameter
JWT ID token generated in this Azure AD Application is using keys from "jwks_uri": "https://login.microsoftonline.com/{tenant_id}/discovery/keys?appid={client_id}" rather than using the keys from this link…
Request Entra ID Access
Hello, We recently took over a legacy application from a customer that uses MS Entra ID (formerly Azure AD) to manage their RBAC. The previous company had access to it, and now we also need access to the Entra ID. The admin from our client mentioned that…
AD B2C: Where is Documentation for `{service:te}` In a Custom Policy Technical Profile?
There are several examples throughout the AD B2C documentation that utilize {service:te} as the value for the client_id. The following example was taken from here. <TechnicalProfile Id="JwtIssuer"> <DisplayName>JWT…
How is the scope of the permission defined? GroupMember.ReadWrite.All
GroupMember.ReadWrite.All The application permission is defined as: Allows the app to list groups, read basic properties, read and update the membership of the groups this app has access to without a signed-in user. Group properties and owners cannot be…
Users suddenly got incapable of MFA
Users suddenly got incapable of MFA. All sign in methods got removed
Microsoft 365 is "requiring" set up authenticator app as verification method. No other option other than app on a phone. How do I choose SMS or Voice as my only options?
I have made several changes but it appears all new users only have the option to get the authenticator app, I have disabled the Microsoft managed options. I have disabled the registration campaign. Under authentication methods I have checked Microsoft…
No Apps available on Company Portal
Hi there, I successfully deployed Company portal app to macOS device. However, when I navigate to apps, it says no apps are assigned to this device. How can I assign apps to users using Company Portal? Any help will be much appreciated.
Passkeys for Android devices
Hello, Referring to this article: https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-mobile?tabs=Android What's the difference between "Passkey" and "Passkey in Microsoft Authenticator" as…
Entra SSO and Provisioning in Salesforce
We are going to turn on provisioning users between our Entra instance and Salesforce. The issue is we want users to be created with profile chatter free. We will change their profile based on their role manually. When Entra seeks to update any changed…
Conditional Access and Microsoft Authenticator Sign In
We're using conditional access policy to restrict access to 'Register security information' to trusted locations only. This policy blocks home users from signing into the Microsoft Authenticator. How are you handling this security recommendation?
AzureAD Connect error while executing the command 'Get-MsolUserRole' Access Denied.
We've been running AzureAD Connect for ages. No issues, syncing works. Haven't needed to make a config change for a while but after attempting to upgrade from 2.3.6.0 to the latest we're getting this error when it asks for the password to Connect to…
macOS Platform SSO Secure Enclave - Entra ID sign-on logs? Conditional Access Authentication Strength policies?
We're testing macOS Platform SSO integration to Entra and have a few questions that aren't answered by the documentation: When using the Secure Enclave setting, the user ends up with a Platform Credential in their 'Authentication methods' view in…