Hi,

I am trying to configure the blockchain workbench. I followed the below link

https://docs.microsoft.com/en-us/azure/blockchain-workbench/blockchain-workbench-deploy#get-tenant-domain-name and configured all and deployed the blockchain. I am using <g class="gr_ gr_235 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins replaceWithoutSep" data-gr-id="235" id="235">free</g> trial and not able to verify the custom domain name added "contoso.com"

When <g class="gr_ gr_386 gr-alert gr_tiny gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="386" id="386">i</g> tried to launch the workbench <g class="gr_ gr_387 gr-alert gr_tiny gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="387" id="387">i</g> get the below error

Can anyone tell me what <g class="gr_ gr_414 gr-alert gr_tiny gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="414" id="414">i</g> am missing here? How to associate the application to contoso.com? Thanks!

Hi,

I'm using 1511, build 10586.36. I just joined Azure AD and logged in with an account from Azure. I previously had a domain account linked to my Microsoft account. Now I can't turn on Sync Settings. When I turn it on, it seems fine, but when I leave the page and return, it is off.

I am not sure what to do.

P.S. I tried reading the account in the calendar app, it said there was already such account. Checked the privacy settings also.

P.S.S. Additionally, Edge reports that "Some windows features are only available if you are using a Microsoft account or a work account". My account IS a work account.

Welcome to the zone where normal things don&#39;t happen very often

Hi,

I noticed in the AAD portal, under each user, that one is able to view "Device syncing and enterprise app settings" (preview). For all my users it states "Devices in your organization can't sync settings and enterprise app data. The feature is turned off."

There doesn't seem to be a settings within AAD Configuration to enable this either, at least not in an obvious fashion.

Any pointers? How I ended up with this was that I was investingating why two AAD joined laptops could not synchronize Edge's Reading List (both seem to have their own copies and no way to figure out why they do not sync)

Thanks.

I have developed 2 web applications. I have used Azure Active Directory v2.0 for user identity. These two applications are hosted as separate web apps in Azure. using Application Gateway, I am redirecting the specific request to web apps.

If User is requesting for any of the web apps, then first it is redirected to azure tenant endpoint for authentication.

After successful login, it will be redirected to the main web app and I have followed this below code in <g class="gr_ gr_18 gr-alert gr_gramm gr_hide gr_inline_cards gr_run_anim Grammar only-ins multiReplace replaceWithoutSep replaceWithoutSep" data-gr-id="18" id="18">OnAuthorizationCodeReceived</g> method.

TokenCache userTokenCache = new MSALSessionCache(signedInUserID, notification.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase).GetMsalCacheInstance(); ConfidentialClientApplication cca = new ConfidentialClientApplication(ApplicationId, Authority, RedirectUri, new ClientCredential(ApplicationKey), userTokenCache, null);

Now When User is navigating from one web app to the other web app. I am using below code to get token from the cache.

TokenCache userTokenCache = new MSALSessionCache(signedInUserID, new HttpContextWrapper(HttpContext.Current)).GetMsalCacheInstance(); ConfidentialClientApplication cca = new ConfidentialClientApplication(Startup.ApplicationId, Startup.Authority, Startup.RedirectUri, new ClientCredential(Startup.ApplicationKey), userTokenCache, null);

var user = cca.Users.FirstOrDefault();

When I am implementing this code and try to get token in the second web app.then it will give me null in the user variable and it throws an error.

What Should I Do?

Note: If some user logged in one web apps, then it does not require to log in another web app. Sessions and cookies are shared between all web apps.

I have a Windows 7 64bit workstation and I am trying to install AAD PowerShell module. 

I have a PowerShell window opened with elevated privileges and I ran the following command: Install-Module -Name AzureAD

I get the following errors. Help!

I have a simple C#/MVC 5 Azure app with a redirect sign-on and I am trying to simply get the Azure Active Directory Groups to which my authenticated User belongs.

I am having a devil of a time navigating all the various conflicting tutorials and MSDN content relating to:  AAD Groups, Claims, Graph API, Azure Portal App Registration, etc...

All I want to do is loop through a User's Groups that they are a member of.

Does anyone have a clean, simple explanation of how to do only this (without all kinds of extra Role/Claims stuff)?

Does my Azure App have to be converted into a Registered Azure Application in the portal in order to be able to do this?

It seems inordinately hard to figure out...

This call:
https://graph.windows.net/myorganization/groups/{object_id}/$links/members?api-version

produces an Access Token missing or malformed.

Then somewhere people say I need to send a token from somewhere else...

Hello we followed the commands , instructions and example provided in document and found that they work but not as expected.  For eg:

1. we set policy for Single-Factor Session Token Max Age and Multi-Factor Session Token Max Age for 15 mins and I was expecting it will sign me out but it didn't rather it signed me out after 1 hour which is the token lifetime of id token.
2. PS C:\WINDOWS\system32> Set-AzureADPolicy -Id ae87a997-7cbe-4a09-8796-6525671207c9 -Definition @('{"TokenLifetimePolicy"
   :{"Version":1,"AccessTokenLifetime":"00:10:00","MaxInactiveTime":"00:15:00","MaxAgeSessionSingleFactor":"00:17:00","MaxA
   geSessionMultiFactor":"00:17:00"}}')
   This policy setting signed me out after 17 minutes the second time. I mean the first time access token got refreshed which increased expiry time for id token as well after 10 mins and it kicked me out 2nd time irrespective of I am working actively or not.

why does the above setting doesn't do idle session timeout.  if user is actively using application ,  access token will get refreshed and so should session token if it is checking the id token validity  and if I am inactive access token will not refresh and it will timeout .

If this is not the correct way then it is not working, can you please share how to implement idle session timeout ?

I have seen the other post about using 

Login-AzureRMAccount
Get-AzureRMSubscription

But I am wondering if this requires that I have permissions to the subscription (of any form) to be able to see it listed?

I'm doing an assessment and have some permissions, but may not have permissions to some subscriptions.  The client isn't exactly sure how things are setup, so I'm trying to find out how many subscriptions they have (there may be some they don't remember), and if they're associated with the Azure AD tenant.

In other words, is there a way that I can simply list all Azure subscriptions associated with an Azure AD tenant when I may not have rights to some of those subscriptions?

I cannot get the a user to be hidden from the address list in office 365. The sync is working but just not syncing the  msExchHideFromAddressLists.

So far I have changed the msExchHideFromAddressLists attribute to True

Also tried following this guide to add it to the sync - https://gertkjerslev.com/howto-sync-msexchhidefromaddresslists-attribute-office-365

I'm running Azure AD Connect Version 1.1.880.0 - Don't think that matters but I thought I'd Include it.

Regards Jake Gardner If you found this post helpful, please give it a helpful vote. If it answered your question, remember to mark it as an Answer.

Move users, computers, objects from One domain to another hosted in Azure Active Directory (NO On-Premise AD)

Current Scenario:

Custom Domain name 1: abc.com

Azure Active Directory License: P1

Office365 actively used by all users

Users authenticate using Azure Active Directory (no on-premise Active Directory)

Client OS: Windows 10 and connected with <g class="gr_ gr_240 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins replaceWithoutSep" data-gr-id="240" id="240">Azure</g> Active Directory

Future state:

Migrate all users from abc.com to the new domain name: xyz.com (part of the same Azure Active Directory)

Explanation:

The company is planning to have a facelift in the brand name and thus change of domain name for all users. Wherein users AD properties should be updated from old domain name: abc.com to the new domain name: xyz.com.

My research <g class="gr_ gr_356 gr-alert gr_gramm gr_inline_cards gr_run_anim Punctuation only-del replaceWithoutSep" data-gr-id="356" id="356"><g class="gr_ gr_343 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Grammar multiReplace" data-gr-id="343" id="343">suggest</g>,</g> ADMT can be used.

however, its applicable for OnPremise Active Directory.

As this is a pure Azure Active Directory Environment, therefore not sure <g class="gr_ gr_473 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins multiReplace replaceWithoutSep replaceWithoutSep" data-gr-id="473" id="473">as</g> how can I smoothly migrate :

- Users

 - Computer Objects

- Printers

- Office365 (all sub-services)

- MFA

- VPN Access

Looking for Advice on what all to be considered for the migration or movement to occur?

Any pointer will be greatly appreciated.

Thanks in advance for your time and assistance.

Regards, Dematri

How to list down all aliases/proxyAddresses of Office365 account using Microsoft Graph API?

I know beta APIs have a field called proxyAddresses however is there anything available in v1.0 where I can see all the proxyAddresses or aliases?

When I try to install  AAD Connect I get the following error log.

[17:11:04.639] [  1] [INFO ]
[17:11:04.639] [  1] [INFO ] ================================================================================
[17:11:04.639] [  1] [INFO ] Application starting
[17:11:04.639] [  1] [INFO ] ================================================================================
[17:11:04.639] [  1] [INFO ] Start Time (Local): Tue, 11 Sep 2018 17:11:04 GMT
[17:11:04.639] [  1] [INFO ] Start Time (UTC): Wed, 12 Sep 2018 00:11:04 GMT
[17:11:04.639] [  1] [INFO ] Application Version: 1.1.819.0
[17:11:04.639] [  1] [INFO ] Application Build Date: 2018-05-02 16:19:11Z
[17:11:05.764] [  1] [INFO ] Telemetry session identifier: {ba1b49de-ed67-4ceb-869c-3b811762d3df}
[17:11:05.764] [  1] [INFO ] Telemetry device identifier: CEnI82SN9T2/b49MTvDqyjVassIcuUb1rRN4aVe/av8=
[17:11:05.764] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (38ad783d9)
[17:11:05.889] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[17:11:05.889] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[17:11:05.889] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[17:11:05.889] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[17:11:05.889] [  1] [INFO ] Default Proxy [Enabled]: True
[17:11:05.889] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[17:11:05.936] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
[17:11:05.936] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[17:11:06.030] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[17:11:06.061] [  1] [INFO ] Loading the persisted settings .
[17:11:06.124] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[17:11:06.170] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
[17:11:06.170] [  1] [INFO ] Password Hash Sync supported: 'True'
[17:11:06.217] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[17:11:06.436] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[17:11:06.436] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[17:11:06.452] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[17:11:06.452] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.467] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
[17:11:06.483] [  1] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell
[17:11:06.780] [  1] [INFO ] CheckInstallationState: Packaged version (1.1.819.0), Installed version (1.1.819.0).
[17:11:06.780] [  1] [INFO ] CheckInstallationState: AAD PowerShell is up to date (1.1.819.0 <= 1.1.819.0).
[17:11:06.780] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[17:11:06.780] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[17:11:06.780] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[17:11:06.780] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[17:11:06.780] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[17:11:06.780] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[17:11:06.780] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[17:11:06.780] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[17:11:06.780] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[17:11:06.780] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[17:11:06.780] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[17:11:06.796] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[17:11:06.889] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[17:11:06.889] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[17:11:06.889] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[17:11:06.889] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[17:11:06.889] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
[17:11:06.889] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {89ca7913-f891-4546-8f55-355338677fe6}.
[17:11:06.889] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.4.7001.0, ProductCode=89ca7913-f891-4546-8f55-355338677fe6, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[17:11:06.889] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.4.7001.0) is installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {72b030ed-b1e3-45e5-ba33-a1f5625f2b93}.
[17:11:06.889] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.4.7469.6, ProductCode=72b030ed-b1e3-45e5-ba33-a1f5625f2b93, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[17:11:06.889] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.4.7469.6) is installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {b9274744-8bae-4874-8e59-2610919cd419}.
[17:11:06.889] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.4.7001.0, ProductCode=b9274744-8bae-4874-8e59-2610919cd419, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[17:11:06.889] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.4.7001.0) is installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[17:11:06.889] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[17:11:06.967] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[17:11:06.967] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[17:11:06.967] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[17:11:06.967] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.967] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {0f4d6650-8a7c-4c9d-8449-2431b8dff372}.
[17:11:06.967] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.819.0, ProductCode=0f4d6650-8a7c-4c9d-8449-2431b8dff372, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[17:11:06.967] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[17:11:06.967] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.819.0) is installed.
[17:11:06.967] [  1] [INFO ] Checking for DirSync conditions.
[17:11:06.967] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[17:11:06.967] [  1] [INFO ] Initial configuration is incomplete.
[17:11:17.470] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180911-171104.log

Hi,

I connected my Microsoft Account to Azure AD while trying to configure VSTS. I am having a lot of problems every since. For example, I cannot preview or download attachments from outlook.com and I cannot add my email address to Outlook for Windows. Each attempt at these operations result in a generic error message, something along the lines of, "an error has occurred" without any useful details.

Any idea how can I completely disconnect my Microsoft Account from Azure AD please?

Hello,

Our company is using Microsoft's external user feature to set up sharing folders in our SharePoint Online instance for our customers. Our security settings require them to be added to our Active Directory as an external user, upon which they will receive an email inviting them to either use an existing Microsoft account or create a new Microsoft account to access our SharePoint. Once in, we grant them permission to a specific folder and we're good to go.

So far, all of our customer partner users have been able to set up their accounts successfully with the occasional fixable user error here and there. However, for one of our customers, they are seeing the following error when they click the "Get Started" link in the email they receive after being added to Azure AD.

I have no idea why this is occurring. It happens when I click on the link as well, which is not true in other cases, leading me to believe there is something wrong with the invitation being generated.

I want to achieve that the users do not need to user MFA when there on the internal network.

In Azure AD / Conditional Access I am creating a policy with an IP Range as an exception and then grant access to all users requiring MFA.

Do i still need to enable MFA for all users in the Users part of the Azure AD or would this then overwrite my policy
and the users would need to use MFA from also from the (internal IP Range)location?

Thanks,
Franck

Hello,

we are planning to sync two different AD forests to O365 with one Azure AD Connect Server.

The Forests have same:

Forest A: corp.local

Forest B: corp.local

Will this be a problem? Is there a workarround for this enviroment?

Thanks.

Hi All!

I had been trying to configure the password reset using the password writeback but I hadnt get luck.

I had successfully sync two AD forest to my Azure tenant



I am using AR\aadsync as the service account to sync between AD Azure an AD onprem

I had granted the proper permission to that service account

But when the user try to change his password they got these errors:

By the way, I already have below permissions set at Domain level for AD MA account:

• Reset Password
• Change Password
• Write lockoutTime
• Write pwdLastSet

And the user that trying to change his password has not check the option password never expire.

Any ideas? 

Thanks in advance.

Cheers,

Javier.

I am using inbuilt <g class="gr_ gr_11 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="11" id="11">powershell</g> console on https://portal.azure.com and getting below error. My login account is "External Azure Active Directory" and Member with "Global administrator" directory role.

New-AzureADUserAppRoleAssignment : Error occurred while executing NewUserAppRoleAssignment
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ New-AzureADUserAppRoleAssignment -ObjectId e5eaa3e9-611e-473d-a874-4c ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [New-AzureADUserAppRoleAssignment], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.NewUserAppRoleAssignment

I configured azure AD as an identity provider for my organization's application

whenever i try to access the application its redirecting the request to azure login. But I am getting a bad request error and its showing the below message

AADSTS50003: No signing key is configured.

Am I missing something in the configuration