Remove elevated access
Hi, I am to delete/remove users from the "User Access Administrator" role, as they were assigned to this role directly at the beginning of the project. Problem is that I am not able to remove them all. I can remove myself and one other…
Conditional Access Policy to restrict normal users from using Azure Active Directory PowerShell
Hello all, I'm looking for a solution (conditional access policy) or something else that will restrict normal users from accessing Azure Active Directory PowerShell and executing msol (get-msolgroup) or Azure AD cmdlets. If someone has a solution…
Disable global MFA for a specific Application (client) ID that requires ROPC
My organization has configured the MFA for all applications (globally). Which is great as it improves overall security. But how can it be disabled only for an Application (client) which is legacy and requires Resource Owner Password Credentials (ROPC)…
I would pay cash money for a graphical UI on the portal/dashboard.
Once you get to 200+ resources, the dashboard is a complete disaster. Graphical UI! Make it look like a Windows desktop for all I care.
Is this a business account?
Is my account a business account or a home account?
Connect to SQL Server cross domain AD Group user
Our MS SQL Server is on another trusted domain (Trusted Domain T). We created a Universal Group within Domain A with users from different forest domains and added the AD group onto the SQL Server. When the user from Child Domain B tries to connect, they…
Is the synchronization of a Domain with Azure AD Bidirectional?
Please understand my question? I joined my domain (xxxxxxx.company) to my Azure AD Tenant (xxxing.email) synchronized and everything is correct. Users are synced from xxxxxx.company to xxxxxxxx.email. So far so good. I have users in…
Creating a user in Azure AD with custom user attribute using graph api SDK
I am creating a REST API that will create a user with a custom attribute into our Azure AD B2C tenant using the Graph SDK. Sample code below: var oUser = new Microsoft.Graph.User() { AccountEnabled = true, //True by default …
Security Question regarding AzureAD Application Proxy for Internal NDES Services
Dear All, Hopefully I post this in the correct forum. I want to deploy certificates to our mobile devices managed by Intune / Endpoint Protection. For this I used these guides to Create an internal NDES Server Publish it with an…
Solution recommendation for separating contractors from MS365 Organization
Hello, from time to time my organization hires a temporary contractor to do a specific task. I'd like to separate such a person from my organization's resources - I mean files, distribution lists, Office 365 groups, shared mailboxes, conference rooms…
O365 Azure AD logging levels been changed?
Hi everyone I work for an MSSP and we're seeing a drastic drop in O365 Azure AD log levels across all customers. I can't find any further information on MS forums or the Azure AD patch notes page, so thought I'd ask here. Is anybody aware of the…
How can I merge my two MS Learn accounts?
I have a personal (@Anonymous .com) MS Learn account and another MS Learn account which is using my corporate email. How can I merge my two accounts?
Cisco Anyconnect : SAML Force select account during AAD login
Hello, We have switched from RSA to MFA for authentication on Cisco Anyconnect using Enterprise application and Azure AD SSO (https://video2.skills-academy.com/fr-fr/azure/active-directory/saas-apps/cisco-anyconnect). We added conditional access to require…
API scopes and roles
Hi, When I register an application (Web api) and Expose the API (adding scopes). I see that we can add appRoles in the manifest. Is there a way to associate roles and scopes? Like to say an Admin role has Read and Write scopes and the Employee…
App Registration and MS Graph API User.Read
Hi, When I register an application (web api) and when I go to the API Permissions section. I see that the MS Graph API User.Read is there by default. Is this necessary if I don't plan to access the Graph API? If it is necessary, what would be the…
Azure AD - Custom Claims for onpremise application authentication.
Hi guys, I'm trying to figure out how I can create the right claim transformation to send my on-premises application the value it expects. In the source attribute I chose User.onpremisesamaccountname, but my application expects domain\samaccountname. …
Get-AzureADUser : ProvisioningErrors how to export to "normal readable format"
Hi, I know that I can generate an export of provisioning errors with the command… $errors = (Get-MsolUser -UserPrincipalName "User1@Xdomain.com").Errors $errors | foreach-object {"`nService: "+…
B2C - Cannot log out when using the Edge browser
During implementation of the B2C logout process I used the Chrome browser and it was pretty much trouble free - I used the logout endpoint url as specified in the app registrations section in AAD B2C and added the post_logout_redirect_uri to the end of…
AD B2C ROPC JavaScript Token Retrieval
I have Azure AD B2C and a Blazor Server-side app with a Login page. I created a ROPC Custom Policy and tested with Postman and it retrieves the token with the claims correctly. But when I want to retrieve the token from the browser with JavaScript to the…
Key Vault authentication
Hi, What is the best way of setting up authentication for key vault when you have the following? One Key Vault for each Subscription Dedicated resource group for each Key Vault Questions: Management plane - RBAC Should it be dedicated…