Audit Report for 2FA enabled accounts
Azure MFA status not updating in O365. Azure Conditional access users default to disabled in O365. I need to run a report for an IS audit to show 2FA is enabled for all accounts. PowerShell scripts pull from O365 but show disabled for Conditional…
Issue with Azure AD metadata import in Linux based system with Tomcat as application server
Facing issue while importing SAML SSO Azure AD IDP metadata in SP (Linux based system. Tomcat as application server). Error: SignatureValidationFilter : Signature trust establishment failed for metadata entry https://sts.windows.net/XXXXXXXXXX. We…
Azure B2C custom policy pass input claim value from REST API
Hi All, I am new to B2C and AD, please excuse if this is a lame question. I am calling a REST API to create a record in the third-party system during user signup using custom policy. This part works fine without any issue and I am getting the record…
B2C Custom Policy REST Integration Error
Hello All, I am new to Azure and B2C. I was trying REST API integration as explained here. I have followed the same steps but I am getting an error when I try to upload "SignUpOrSignin" policy file. Validation failed: 1 validation…
I need Sign-in and/or audit logs from 2 years ago. Only have option for 7 days ago max.
Hello, I have Azure Active Directory for my organization. I am trying to see logs of sign-ins for an employee back in 2018. I only see the option for logs going back 7 days. This is for a theft of IP case. We need these logs or at least the device…
Invitation Sent and user can't sign in (B2C)
I created an SPA app to be used in B2C. The users that sign up they can sign in. But when I invite them using the portal in the AD B2C blade/Users Menu on the left. And then I click + New User and then use Invite User option. They get an email to…
Still have PIM with an Azure AD P1 license
I cannot figure out why I still have access to PIM, with only P1 Azure AD license? I had a P2 trial account to test out the feature, including PIM. However as global admin (with P1 license) I'm still able to assign role to users in PIM and approve…
MSAL-Angular auth_code flow + PKCE support?
I learned at MS Build 2020 that MSAL-Angular is GA. I was wondering if it supports authorization_code flow & PKCE like MSAL 2.0 for JS does already? I've implemented a baseline login component, but seems that it is still using implicit flow? Is…
TLS Log Warning for AAD Sync - Schannel 36875
We manage quite a few servers, and back in March, enabled LDAPS for all of the domains that had LDAP queries related to VPNs. The same set of instructions was used for each of 8 domain controllers; however, on two of them, we began seeing these warnings…
Creation of account in AAD if domain is federated allowed?
Hello all, I have global admins in AAD but I can't see the domain name I want in the drop down when I create a new user. I checked custom domains and I can see the domain I want to use is verified. It is federated and perhaps this is the issue? I must…
Office 365 ATP Plan 1 and Plan 2 application
Dear Support, I have a question related to ATP features availability and applicability relatively to which license/plan was assigned to a user. Currently, we have Office 365 ATP (Plan 1) licenses that applied to our users (about 500 users) that gives…
Microsoft Store for Business / Education - How to configure specific users to receive AND approve App Requests
I have been working looking into a process to ensure users when using the Private Store, can request apps, then for these apps to be approved by a user or team. In my scenario I have done the following settings: Allow users to shop: Off Make…
/teams/allMessages is this resource type is paid for create subscription api
I am using create subscription API for creating webhooks and I wanted to access the resource type /teams/allMessages but it is showing the error message as - ""message": "Operation: Create; Exception: [Status Code: Unauthorized;…
B2C Error while user sign in
Hi @Anonymous , I am trying seamless user migration to B2C through custom policy, following is policy details that I am running: <RelyingParty> <DefaultUserJourney ReferenceId="SignUpOrSignInWithUsername" /> …
Please disable multi factor authentication on AD B2C tenant in Azure Portal
Every time I log into Azure portal and access AD B2C tenant I am prompted to confirm my email address with a secondary email address provider. Please turn this additional check off. Thank you! See this request: …
Setup of G Suite IDP for SAML direct federation for B2B
Hi guys, our G Suite IdP integration is not working: after setting it up, users are unable to redeem invitation. Please see following error message: RequestId: e48a3d3e-6703-46b6-b1d2-b00adf4a8fe2 Correlation…
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '4c9f8d57-3372-47b8-9f05-067a5127b9e4'.
Hi, I have this issue when I try to sync my Outlook with another software in which I'd like to send email (Pipedrive) "AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application:…
Recommended pattern for acquiring tokens
Hi Team, We wanted to know the recommended pattern to acquire tokens while using the Client Credentials flow for a daemon application (confidential client application). Are we supposed to acquire the token silently i.e. from token cache? As per…
Need direction on manually rolling my own MSAL (or at least accessing REST APIs) for use with non-standard tooling/languages.
Hello, I have a client that has moved their internal tools to Azure MFA. We have a couple of 3rd party desktop applications (written by my company) that the client would like to bring under the Azure MFA umbrella. We previously accomplished this…
Azure MFA not working when activating an Azure AD Role with MFA setting enabled
Hi All, I'm trying to configure Azure AD role with MFA enabled when a user activates the role but MFA is not kicking in. I have Conditional Access configured when users log in to the Azure Portal and that is working as expected. So for me, MFA…