Connect to SQL Server cross domain AD Group user
Our MS SQL Server is on another trusted domain (Trusted Domain T). We created a Universal Group within Domain A with users from different forest domains and added the AD group onto the SQL Server. When the user from Child Domain B tries to connect, they…
Is the synchronization of a Domain with Azure AD Bidirectional?
Please understand my question? I joined my domain (xxxxxxx.company) to my Azure AD Tenant (xxxing.email) synchronized and everything is correct. Users are synced from xxxxxx.company to xxxxxxxx.email. So far so good. I have users in…
Creating a user in Azure AD with custom user attribute using graph api SDK
I am creating a rest API that will create user with custom attribute into our Azure AD B2C tenant using graph SDK. Sample code below: var oUser = new Microsoft.Graph.User() { AccountEnabled = true, //True by default …
Security Question regarding AzureAD Application Proxy for Internal NDES Services
Dear All, Hopefully I post this in the correct forum. I want to deploy certificates to our mobile devices managed by Intune / Endpoint Protection. For this I used these guides to Create an internal NDES Server Publish it with an…
Solution recommendation for separating contractors from MS365 Organization
Hello, from time to time my organization hires a temporary contractor to do specific task. I'd like to separate such person from my organization's resources - I mean files, distribution lists, Office 365 groups, shared mailboxes, conference rooms…
O365 Azure AD logging levels been changed?
Hi everyone I work for an MSSP and we're seeing a drastic drop in O365 Azure AD log levels across all customers. I can't find any further information on MS forums or the Azure AD patch notes page, so thought I'd ask here. Is anybody aware of the…
How can I merge my two MS Learn accounts?
I have a personal (@Anonymous .com) MS Learn account and another MS Learn account which is using my corporate email. How can I merge my two accounts?
Cisco Anyconnect : SAML Force select account during AAD login
Hello, We have switched from RSA to MFA for authentication on Cisco Anyconnect using Enterprise application and Azure AD SSO (https://video2.skills-academy.com/fr-fr/azure/active-directory/saas-apps/cisco-anyconnect ) we added conditional access to require…
API scopes and roles
Hi, When I register an application (Web api) and Expose the API (adding scopes). I see that we can add appRoles in the manifest. Is there a way to associate roles and scopes? Like to say an Admin role has Read and Write scopes and the Employee…
App Registration and MS Graph API User.Read
Hi, When I register an application (web api) and when I go to the API Permissions section. I see that the MS Graph API User.Read is there by default. Is this necessary If I don't plan to access the Graph API? If it is necessary, what would be the…
Azure AD - Custom Claims for onpremise application authentication.
Hi guys, I am trying to figure out how I can create the right claim transformation to send to my onpremise application the value it expected. Into the source attribute I chose User.onpremisesamaccountname but my application expects domain\samaccountname. …
Get-AzureADUser : ProvisioningErrors how to export to “normal readable format”
Hi, I know, that I can generate export of provisioning errors with command… $errors = (Get-MsolUser -UserPrincipalName "User1@Xdomain.com").Errors $errors | foreach-object {"`nService: "+…
B2C - Cannot log out when using the Edge browser
During implementation of the B2C logout process I used the Chrome browser and it was pretty much trouble free - I used the logout endpoint url as specified in the app registrations section in AAD B2C and added the post_logout_redirect_uri to the end of…
AD B2C ROPC JavaScript Token Retrieval
I have Azure AD B2C and a Blazor Server-side app with a Login page. I created a ROPC Custom Policy and tested with Postman and it retrieves the token with the claims correctly. But when I want to retrieve the token from the browser with JavaScript to the…
Key Vault authentication
Hi, What is the best way of setting up authentication for key vault when you have the following? One Key Vault for each Subscription Dedicated resource group for each Key Vault Questions: Management plane - RBAC Should it be dedicated…
B2C password reset not working in IE11
After verifying an email address using the verification code, upon clicking the continue button I get sent to the following URL: https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/passwordreset.aspx So for some reason it's trying to…
Azure AD MFA - Require once enrolled
Hi Guys, I am hoping I am missing something obvious in conditional access. But I don't see a way to enforce MFA after enrollment on an app. That is to say, once someone enrolls they get prompted moving forward. If they haven't signed up, they don't. …
Microsoft Direct Access or ADFS or Both?
Hi, I successfully setup my OnPremise AD domain and office 365 With "Azure AD Connect" and successfully setup the ADFS for authentication. I also enabled the Hybrid Join Feature for my clients. All works fine. My answer is: what…
In Azure AD B2c I am using Custom Policy to sign in using Username only and want to configure MFA using Email?
In Azure AD B2c I am using Custom Policy to Signup and sign in using Username only and want to configure MFA using Email which is used while signup process email verification. I am confused about where do I start, How can I get email address which is…
Microsoft 365 subscription extra-costs for Microsoft Graph Api usage
Hello, I am a software developer and I've been working on integrating Microsoft Graph Api in my application to be able to retrieve calendar information for users. For development purposes, I have been using a Microsoft 365 Developer subscription, in…