Does renaming Windows locally update AAD?
In my previous test runs with AAD + Intune MDM, I've always renamed Windows 10 from the Intune side, which will shortly prompt the target device client OS to restart for the rename to take effect. The device name is thereon renamed in Intune and AAD. …
AAD Sync, switch from hash to pass-through and SSO
Hi, today I'm using AAD Sync with Password Hash sync and I want to change to pass-through authentication and single sign-on. Is there anything I need to think about before doing this? Or can I just check the "Pass-through authentication" and…
Azure B2C securing metadata endpoint.
Does Azure B2C support custom policy metadata endpoint security using either basic authorization or certificate? The below does not appear to work as no certificate was sent to the API. I could not locate any documentation indicating that securing for…
AAD Login uses logged in user by default
Hi, I have a few applications that use AAD for authentication. Current behavior: I am logged into my desktop using a@Anonymous .com. I launch the application, the app redirects to the AAD login screen and enter b@Anonymous .com as the user…
Enterprise App oAuth2 SSO gets invalid session key
I added my Moodle instance as an Azure AD Enterprise app. The login works well, but fails in a very specific way (which tends to be quite popular amongst users). When people click on the login button, they get redirected to the Microsoft login…
Azure AD OIDC token issues
Hi, we've been using OIDC tokens with our application behind AWS ALB, and it's been working fine until last week. Looks like the UserInfo endpoint is not returning everything AWS ALB is expecting as per OIDC protocol specs? MSFT has been advising to use /me…
Using Yubikey with Azure SSO MFA
Hi, I've configured our Business Central On-Prem V13 Test environment for Azure SSO and it works great. I would like to enable the use of Yubico Yubikey for MFA. As many of our employees are not provided with smart phones, we need a way to allow them to…
Does Azure AD support RelayState as form variable
I am creating a SP-initiated SAML flow where I need to send the RelayState via a form POST variable along with the SAMLRequest. Is this allowed and if so how do I configure it? Currently, the communication coming back from Azure AD has the…
How to retrieve a correct token to request Reports on Graph
Hello, I have registered an app with Reports.Read.All permissions with delegation and Admin Consent. I try to retrieve reports (email, onedrive, ...), but I don't succeed. The token retrieved never contains the permission Reports.Read.All …
Finding Azure permissions needed for PowerShell cmdlets
I'm trying to use Runbooks to automate things in Azure but I keep running into 'Insufficient privileges' errors for the runas user the Automation Account is using. Is there any documentation on what permissions the cmdlets need? I've not been able to…
Enterprise applications - On-premise application published with pass-through but still prompted for password
Hi, I'm attempting to publish our intranet as an enterprise application with SSO. This works like a charm and I'm able to access it via office.com and also as a published web link via Intune and my phone. But I have to sign in each time, which is…
checking activation status
Hi there. I've been running with a free trial of Azure and got an email earlier in the week to 'upgrade now', which I want to do. This takes me through to login and says 'More information required' and then to 'Additional Security Information'. I've…
Salesforce - Azure AD Automated User provisioning Issue
Hello Community, we are trying to implement the Azure AD Automated user provisioning on our instance and are able to create a user with a profile. We are unable to find any documentation for assigning a permission set. We are unable to find a valid…
How to use New-AzADSpCredential to add certificate credentials
I am using App Registrations to deploy resources and the certificate is expiring. I am trying to write a script to add a new cert to extend the life of this Service Principal, but no matter who I log in as (myself, a colleague, the Service Principal…
Mix ADFS and Azure AD for authentication
Hi, we use ADFS 3.0 for O365 and some 3rd party web / apps. Now we're implementing a new website. My original idea was to just add it to our ADFS, but now the project has decided that it needs 2FA. In the future I see all our apps authenticate in Azure AD…
auditLogs/signIns Response
Hi, I need to get the last date a user signed in. I'm using "https://graph.microsoft.com/v1.0/auditLogs/signIns?`$filter=userId eq ''". Where can I find the response schema to be able to parse it correctly? Thanks, JD
Can no longer find device serial number in Azure AD for inclusion into group for Windows Autopilot
We have previously been repeatedly deploying test computers with Windows Autopilot according to the tutorial https://video2.skills-academy.com/en-us/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm We have a group assigned to the…
Login-AzureRmAccount -Credential $cred -TenantId "Tenant ID" command is failing with error AADSTS50034: The user account Microsoft.AzureAD.Telemetry.Diagnostics.PII does not exist.
I am following the steps mentioned in the following article: https://social.technet.microsoft.com/wiki/contents/articles/40062.azure-automating-login-for-powershell-scripts-using-service-principal.aspx The Login-AzureRmAccount -Credential $cred -TenantId…
Map Extra Attributes to ADDS LDAP Interface?
I have set up LDAPS by basically following these steps: https://video2.skills-academy.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps Plus, I have created a service account that allows me to extract user information. However, I…
"Script is disabled. Click Submit to continue."
I am working with a WebTest to mimic Azure AD user login; once the user is authenticated, he would be presented with an application home page. Issue: One of the WebTest responses expects the user to intervene for a button click action. How can I do that…