Channel: Azure Active Directory forum

Unable to get Bulk Token - Windows Config Designer


Afternoon,

I've just downloaded and installed the new Windows Configuration Designer, and am trying to set up bulk enrollment to Azure AD, but whenever I click "Get Bulk Token", I get the prompt to sign into my account but then come back to the first screen with the error:

Bulk token retrieval failed

Bad Request

Have tried on a couple of machines, and get the same error each time. 

Thanks in advance,

Dan


SSPR from win10 login screen


We managed to add the SSPR link on the Win10 login screen using GPO (the device is hybrid joined). However, when we click on the link we get this error message: "the sign-in method you are trying to use isn't allowed…"

According to https://community.spiceworks.com/topic/849103-you-cannot-log-on-because-the-method-is-not-allowed we have to allow "log on locally".

To fix that, we granted the account the permission to log on locally.

Q1: Is that really necessary? We are using "deny log on locally" for everything except legitimate accounts (admins).

Now when we click on the link we no longer get this error message, but before accessing the SSPR portal a "defaultuser1" account is created. Is that normal? It seems that the problem is known: https://github.com/MicrosoftDocs/azure-docs/issues/15584

Q2 : is that normal? what is the default user used for? 

Thank you in advance.

Best regards,



Useless option of "Don't ask again for 3 days" while logging in to Azure Account


Hello,

I tried multiple times to log in to my Azure account and chose the option "Don't ask again for 3 days" in order to avoid repeated code entries for 3 days, but it still asks me to enter a code that is sent to my phone. Kindly check the snapshot to get a better understanding of the issue. You may also notice from the times how frequently I tried the test.

I hope I have explained the issue clearly. Could you please suggest how I can bypass or suppress the text code entry pop-up for the said days?

Kind Regards,

Ajay.

Azure AD authenticate as device to obtain bearer token


I have an Intune managed Windows 10 device that is Azure AD joined. 

I have powershell scripts configured required to run on managed devices as the local system account. 

In such a PowerShell script, I want to acquire a bearer access token for an application resource (e.g. O365 or MS Graph or a storage account). Since this is non interactive process and it’s not running under the context of an AAD user (just an AAD joined device), I’m trying to understand if there is any way to get a token in this context. 

Note that this question is not at all Intune specific...I’m just using the PowerShell script as an example. 

Question: how can I authenticate with AAD as a managed AAD device running as the SYSTEM context. 

Thanks. 


Cloud Print error during setup


Hello,

I've followed MS and a few other sites links on how to setup Cloud Printing within Azure AD. 

I'm running into this error and wondering if anyone else has? I've not figured it out; it seems like it's a permission issue.

Publish-CloudPrinter : Exception calling "RetrieveOAuthToken" with "3" argument(s): "System.AggregateException: One or
more errors occurred. ---> System.Exception: Error requesting OAuth token.  WebTokenRequestStatus:
UserInteractionRequired, error: 3399614476, message: AADSTS65001: The user or administrator has not consented to use
the application with ID 'cc0c9ad7-8081-4322-ac28-bd3a4f6b55ab' named 'PrintNativeClient'. Send an interactive
authorization request for this user and resource.
Trace ID: 888ffe39-f4ad-4d4c-b9d6-ac9e89943800
Correlation ID: 53a03434-834f-4f85-909e-a7bc7d257d4f
Timestamp: 2018-12-09 21:35:58Z
   at CloudPublishHelpers.<RetrieveOAuthTokenAsync>d__0.MoveNext()
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at CloudPublishHelpers.RetrieveOAuthToken(String resourceId, String clientId, String azureTenantGuid)
---> (Inner Exception #0) System.Exception: Error requesting OAuth token.  WebTokenRequestStatus:
UserInteractionRequired, error: 3399614476, message: AADSTS65001: The user or administrator has not consented to use
the application with ID 'cc0c9ad7-8081-4322-ac28-bd3a4f6b55ab' named 'PrintNativeClient'. Send an interactive
authorization request for this user and resource.
Trace ID: 888ffe39-f4ad-4d4c-b9d6-ac9e89943800
Correlation ID: 53a03434-834f-4f85-909e-a7bc7d257d4f
Timestamp: 2018-12-09 21:35:58Z
   at CloudPublishHelpers.<RetrieveOAuthTokenAsync>d__0.MoveNext()<---
"
At line:1 char:1
+ Publish-CloudPrinter -Printer "NO-IT-PRINTER" -Manufacturer "HP" -Mod ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Publish-CloudPrinter], MethodInvocationException
    + FullyQualifiedErrorId : Exception,Publish-CloudPrinter
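The failure above is a consent problem, not a permissions problem on the printer: AADSTS65001 means Azure AD has no record of the user or an administrator consenting to the 'PrintNativeClient' application for the requested resource, so the non-interactive token request cannot proceed. The Trace ID and Correlation ID are the values Microsoft support and the tenant's sign-in logs are keyed on. As an added example (not part of the post or of the Publish-CloudPrinter tooling), the following Python parser pulls those triage fields out of the exception text quoted above and, for a consent failure, builds the tenant-wide admin consent URL. The tenant name and redirect URI are assumptions; the redirect URI must be one registered on the application.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode

# Sample input: the exception text quoted in the post above (copied, not constructed).
SAMPLE_ERROR = """System.Exception: Error requesting OAuth token.  WebTokenRequestStatus:
UserInteractionRequired, error: 3399614476, message: AADSTS65001: The user or administrator has not consented to use
the application with ID 'cc0c9ad7-8081-4322-ac28-bd3a4f6b55ab' named 'PrintNativeClient'. Send an interactive
authorization request for this user and resource.
Trace ID: 888ffe39-f4ad-4d4c-b9d6-ac9e89943800
Correlation ID: 53a03434-834f-4f85-909e-a7bc7d257d4f
Timestamp: 2018-12-09 21:35:58Z"""

GUID = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"


@dataclass
class AadTokenError:
    status: Optional[str]
    aadsts_code: str
    app_id: Optional[str]
    app_name: Optional[str]
    trace_id: Optional[str]
    correlation_id: Optional[str]
    timestamp: Optional[str]

    @property
    def needs_consent(self) -> bool:
        # AADSTS65001: no user or admin consent recorded for this app/resource pair.
        return self.aadsts_code == "AADSTS65001"


def parse_aad_token_error(text: str) -> AadTokenError:
    """Extract the triage fields from a WebTokenRequest-style failure message."""
    flat = " ".join(text.split())  # the exception text is wrapped across lines
    code = re.search(r"\b(AADSTS\d+)\b", flat)
    if code is None:
        raise ValueError("no AADSTS error code in message")

    def grab(pattern: str, group: int = 1) -> Optional[str]:
        m = re.search(pattern, flat)
        return m.group(group) if m else None

    app_pattern = rf"application with ID '({GUID})' named '([^']+)'"
    return AadTokenError(
        status=grab(r"WebTokenRequestStatus:\s*(\w+)"),
        aadsts_code=code.group(1),
        app_id=grab(app_pattern, 1),
        app_name=grab(app_pattern, 2),
        trace_id=grab(rf"Trace ID:\s*({GUID})"),
        correlation_id=grab(rf"Correlation ID:\s*({GUID})"),
        timestamp=grab(r"Timestamp:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z)"),
    )


def admin_consent_url(err: AadTokenError, tenant: str, redirect_uri: str) -> str:
    """Tenant-wide admin consent URL for the application named in the error.

    Before an admin opens it, the app ID should be checked against the vendor's
    documented ID: unexpected consent prompts are a standard illicit-consent lure.
    """
    if not err.needs_consent or not err.app_id:
        raise ValueError("not a consent failure with a known app ID")
    query = urlencode({"client_id": err.app_id, "redirect_uri": redirect_uri})
    return f"https://login.microsoftonline.com/{tenant}/adminconsent?{query}"


if __name__ == "__main__":
    err = parse_aad_token_error(SAMPLE_ERROR)
    print(err)
    if err.needs_consent:
        # Assumed tenant and redirect URI, for illustration only.
        print(admin_consent_url(err, "contoso.onmicrosoft.com", "https://localhost/"))
```

The parser is deliberately tolerant of the line wrapping PowerShell applies to exception text, since the message is what ends up in ticket systems and SIEM fields. Granting consent is an administrative decision, not a fix to script: the person approving it should confirm that the application ID matches what the printing feature's documentation lists.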

Flowing logged-in user credentials to Web API


Hi all,

I posted this in a Dynamics forum, but was asked to post here.

Can I flow the logged-in user credentials to a Web API that is running in my customer's tenant in Azure?

Background:

I'm building a Web API in Azure using .Net Core 2.1.  I have a web app that will access this API, and plug-ins from various systems will access it as well -  Dynamics AX, Dynamics CRM, Dynamics 365, etc.  This application will be installed into the tenants of other customers.  So the caller is the plug-in, not the other way around.  The plug-ins will be installed into the customer's instance of the Dynamics systems.

Right now, the API is secured using OAuth2, with a client ID/password - in other words, not using the credentials of the calling user. That's because I can't get the credentials of the user in an OAuth2 form without requiring them to log in again. 

Note that my team controls the web app and the plug-ins.


Is there any way, in a plugin like I mentioned above, where I can get the user's credentials in a way that I could pass to the API without requiring another login? 

I would prefer to use AAD/OpenID because:

1) I really don't like the idea of a shared secret

2) we are thinking about allowing our customers to write to the API as well

3) My customer would like to enforce a 'Named User' licensing model.  Right now, I'm relying on the plug-ins to send me the name of the user.  If we allow #2, the customer could write code that always sends me the same name, bypassing the Named User licensing requirements.

All of the examples (for every plug-in type) show getting a token by using a shared secret.

Thanks in advance.
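Whatever flow ends up delivering a user-bound token to the API, the Named User concern in point 3 is only solved if the API derives the billed identity from a claim in a token it verified itself, and never from a field the caller fills in. As an added example (not the poster's .NET Core code, and not Azure AD's token format), the following Python illustrates that check: it validates signature, algorithm, audience, issuer and expiry, then takes the user from the token's `oid` claim and ignores the body's `user` field entirely. Azure AD issues RS256 tokens that are verified against the tenant's published signing keys; the HS256 shared key, audience and issuer values here are assumptions chosen so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions (not from the post): the API's audience, the tenant issuer and a shared
# HMAC key. Real Azure AD tokens are RS256 and must be verified against the tenant's
# JWKS; HS256 is used here only so the example runs without network access.
AUDIENCE = "api://contoso-webapi"
ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
KEY = b"example-only-shared-key"


class TokenError(Exception):
    pass


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, key: bytes = KEY) -> str:
    """Issue a compact JWS; stands in for the token the plug-in would present."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, key: bytes = KEY, audience: str = AUDIENCE,
                 issuer: str = ISSUER, now: float = None) -> dict:
    """Verify signature, algorithm, expiry, audience and issuer; return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm; the token must not choose it
        raise TokenError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(p))
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise TokenError("expired")
    if claims.get("aud") != audience:
        raise TokenError("wrong audience")
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    return claims


def billed_user(request_body: dict, bearer_token: str, now: float = None) -> str:
    """Identity to count against Named User licensing.

    request_body["user"] is caller-controlled (the plug-in, or customer code once
    customers may call the API) and is deliberately ignored. The only identity the
    API trusts is the 'oid' claim of a token it verified itself.
    """
    claims = verify_token(bearer_token, now=now)
    oid = claims.get("oid")
    if not oid:
        raise TokenError("token carries no user object id")
    return oid


def is_rejected(bearer_token: str, now: float = None) -> bool:
    try:
        verify_token(bearer_token, now=now)
    except TokenError:
        return True
    return False


def tamper_oid(token: str, new_oid: str) -> str:
    """Rewrite the payload's oid without re-signing, as a spoofing attempt would."""
    h, p, s = token.split(".")
    claims = json.loads(_b64url_decode(p))
    claims["oid"] = new_oid
    return f"{h}.{_b64url(json.dumps(claims).encode())}.{s}"


if __name__ == "__main__":
    now = 1_544_391_358  # fixed clock for a reproducible run
    tok = mint_token({"iss": ISSUER, "aud": AUDIENCE, "oid": "user-1", "exp": now + 3600})
    print(billed_user({"user": "always-the-same-name"}, tok, now=now))  # user-1, body ignored
    print(is_rejected(tamper_oid(tok, "user-2"), now=now))             # True
```

The point to carry over to the real API is the ordering: signature and algorithm first, then expiry, audience and issuer, and only then read identity claims. A shared client secret gives none of this, because every caller holding the secret looks the same to the API.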

Ldaps authentication questions


Hi,

I need to migrate a large Java web application to the Azure cloud. The application uses LDAP authentication within the same domain.

--------------------------

I was able to migrate the web application itself by using an Apache Tomcat Azure custom web app and set up LDAPS authentication over the internet.

--------------------------

Current issue is that we also have a SQL and IIS server. 

Is it possible to authenticate users with ldaps over the internet both from IIS Webdav (fileshare) and the SQL Server? They can't be domain joined. Azure AD Domain Services is not an option.


Automation

App Registration locked down to fixed IP addresses


Is it possible to lock down an App Registration API login to a set of fixed IP addresses? I know it is possible for Azure AD users with Conditional Access, but I couldn't see a nice way to do it for App Registrations. Am I simply missing something?



ObjectPendingTakeover error


I am trying to delete a custom domain from an Azure Active Directory, but get the error "errorCode": "ObjectPendingTakeover".

The domain is not marked as primary, is not used by any resources, and I have signed in as a user that does not have the domain name as part of the username.

Any suggestions on what I can try?

Why does removing a custom domain from Azure AD fail?


I created a new Azure Active Directory and added our real domain to it (verified through TXT record in DNS). When I was done playing around with it, I created another one that I intended to use for production purposes. When I tried to add our domain to the new AD instance, it complained that the name is already in use and that I need to remove it from the previous instance first. But when I try to do so, I get the following unhelpful message despite having all of the three prerequisites (Users, Groups, Applications) checked off:

"Deletion of ' ****.com' failed. Please try again."

I have tried again, many times over a few days. A similarly unhelpful message appears in the Notifications.

Does anyone have any ideas?

Edit:

Here is more information on what I did:

  1. Signed into portal.azure.com with a personal account.
  2. Created a new Azure Active Directory
  3. Switched current directory to it (had to refresh the portal for the option to appear)
  4. Added a new Global Administrator user with onmicrosoft.com at the end to that directory
  5. Signed out and signed in with the new AD account
  6. Deleted the personal account from the directory
  7. Added a custom domain and verified it
  8. Added another user with our custom domain at the end
  9. Signed into the new account just to see that it works
  10. Created another AD instance (don't remember from which account)
  11. Switched to that directory
  12. Added a new Global Administrator user with onmicrosoft.com at the end
  13. Signed in with the new account
  14. Deleted the old account
  15. Started the process for adding a custom domain
  16. Changed our TXT DNS record to match the new AD
  17. Tried to verify the domain, which failed because it was already in use
  18. Signed into an account from the first AD
  19. Tried to remove the custom domain, which failed because there was a user using it
  20. Removed all other users (from the onmicrosoft.com account)
  21. Tried to remove the custom domain again, which failed with the unhelpful message above

Edit 2:

The reason I was doing all this is that we needed to migrate from the old Partner Membership Center, which uses personal accounts, to the new Partner Center, which uses work (AD) accounts. All the steps above were taken before I had started the transition process from PMC. I have now switched to the new Center and used the second AD with an onmicrosoft.com account. But I would like to create a new Global Administrator with our real domain in its name. I did not use the first AD because it had the word "experimental" in its default domain.

Edit 3:

The personal account's email address is at our own domain, the same one I was adding/removing to/from the two AD instances. Even on my first sign-in on portal.azure.com, before I had created any AD and associated the domain with it, I was being asked whether I intended to use my personal or work account. But then the password reset tool said that such work account did not exist.

Maybe this is somehow related to why I cannot disassociate the domain now.

Unable to add replyUrls


Hi, 

The issue is with adding a new reply url into Azure AD application. 

Regardless of the value, and whether I edit through the manifest file or via the portal, I get this error on a few applications that have already been registered and contain 50+ reply URLs each. 

The error says: "Unable to complete the request due to data validation error."

Azure - Workday SSO Logout


Hi All,

A newbie here. We have the Azure - Workday SSO configured and it is working fine, but I cannot log out from Workday. As per the config doc, the logout URL must be "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0". This was configured in Workday. So when I want to log out, it fails (I do see this URL in the browser) with the error


Sign In

Sorry, but we’re having trouble signing you in.

We received a bad request.

Any thoughts on this error? Where can I check the logs? Thanks.


Importing attributes into Azure AD from external Vendor/App


First, apologies if this is in the wrong forum, but I tried to post in the most relevant place.

We would like to be able to import attributes from an external vendor (ADP) into Azure AD.  I read that there is a way to have Azure AD attributes go to ADP, but we are looking for the other way around.  For example, if a new user is created in ADP, we would like to have a new user created in Azure AD with the relevant attributes carried over.  Or if any changes are made in the ADP system, for those changes to be replicated to Azure AD.

Is this possible?

Does Azure support dynamic RelayState?


The docs for Azure cover RelayState (https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-portal) as if it's a fixed parameter.  In the SAML world, it is used for Service Provider (SP) initiated SSO flows to allow the redirect to happen for different URLs.

The RelayState parameter in ADFS is generated according to these docs (https://social.technet.microsoft.com/wiki/contents/articles/13172.ad-fs-2-0-relaystate-generator.aspx).  Does Azure AD have similar encoding for it?  I'm unable to find any mentions of whether RelayState works the same way as it does in the ADFS setting.
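For SP-initiated SSO the SAML 2.0 bindings specification requires the IdP to return RelayState to the SP unmodified, which is what makes per-request (dynamic) values work; the same specification caps RelayState at 80 bytes. Because the value round-trips through the user's browser, the SP must also treat it as untrusted on the way back, or the assertion consumer becomes an open redirect. As an added example (not part of the post, and not Azure AD's or AD FS's own encoding), the following Python builds an HTTP-Redirect binding AuthnRequest carrying a dynamic RelayState, shows what the IdP decodes, and validates the returned RelayState against the SP's own host before redirecting. The entity ID, ACS URL, tenant placeholder in the IdP URL and allowed-host list are assumptions.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Assumptions (not from the post): the SP's identifiers and the hosts it may redirect to.
SP_ENTITY_ID = "https://app.example.test/saml/metadata"
ACS_URL = "https://app.example.test/saml/acs"
IDP_SSO_URL = "https://login.microsoftonline.com/TENANT-ID/saml2"  # tenant placeholder
ALLOWED_HOSTS = {"app.example.test"}
RELAYSTATE_MAX_BYTES = 80  # SAML 2.0 Bindings, section 3.4.3


def build_authn_request(request_id: str, issue_instant: str) -> str:
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )


def redirect_url(relay_state: str, request_id: str = None, issue_instant: str = None) -> str:
    """SP side: HTTP-Redirect binding URL carrying the AuthnRequest and a dynamic RelayState."""
    if len(relay_state.encode("utf-8")) > RELAYSTATE_MAX_BYTES:
        raise ValueError("RelayState over 80 bytes: keep state server-side and send a short key")
    request_id = request_id or f"_{uuid.uuid4().hex}"  # IDs must be NCNames, hence the '_'
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = build_authn_request(request_id, issue_instant)
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    raw = deflater.compress(xml.encode()) + deflater.flush()
    params = {"SAMLRequest": base64.b64encode(raw).decode(), "RelayState": relay_state}
    return f"{IDP_SSO_URL}?{urlencode(params)}"


def decode_redirect_binding(url: str):
    """What the IdP sees: inflate the AuthnRequest and read RelayState back."""
    qs = parse_qs(urlparse(url).query)
    xml = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15).decode()
    return xml, qs.get("RelayState", [None])[0]


def safe_relay_target(relay_state, default: str = "/") -> str:
    """ACS side: RelayState came back through the browser, so it is attacker-influenceable.

    Accept only a site-relative path or an https URL on an allow-listed host; anything
    else falls back to the default landing page instead of open-redirecting.
    """
    if not relay_state or len(relay_state.encode("utf-8")) > RELAYSTATE_MAX_BYTES:
        return default
    if "\\" in relay_state or any(c in relay_state for c in "\r\n\t "):
        return default  # browsers treat '\' as '/', so '/\evil' becomes '//evil'
    u = urlparse(relay_state)
    if u.scheme == "" and u.netloc == "" and relay_state.startswith("/") and not relay_state.startswith("//"):
        return relay_state
    if u.scheme == "https" and u.hostname in ALLOWED_HOSTS:
        return relay_state
    return default


if __name__ == "__main__":
    url = redirect_url("/reports/42")
    xml, rs = decode_redirect_binding(url)
    print(rs, "->", safe_relay_target(rs))                       # /reports/42 -> /reports/42
    print(safe_relay_target("https://evil.example/phish"))        # /
```

The 80-byte limit is the practical reason most SPs send an opaque key in RelayState and keep the real destination in a server-side store; it also keeps the value out of the open-redirect business entirely, since a key that is not found simply maps to the default page.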

VS Subscription converted to EA :(


Hi there,

I activated the Visual Studio monthly free credit. Then I added myself as Account Administrator and tried to create a new MSDN subscription. This caused my subscriptions to be converted to EA. How can I fix this?

Thanks in advance,

Clemente


Azure AD Seamless Single Sign-On only works when password login used but not with Windows Hello?


We have a working Azure AD SSO as long as you log in with a password. If you use a device with a Hello camera (Surface Pro) or Hello fingerprint (Lenovo X1 Yoga), it prompts for a PIN when accessing local resources and then fails. Is this expected behavior?

Brian Hoyt

Installation issue of Intune Connector "ODJ Connector Bootstrapper (0x80070658)"


Dear MS Community,

I always get the error code (0x80070658) when I start to install the Intune Connector (hybrid cloud solution). The error code is already well known to Microsoft, as on this link: "https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/intune-connector"

The solution described by MS is to change the OS language to "EN only" and then continue with the installation, but in my case it didn't work.

The on-premises DC where I wanted to install the Intune Connector also contains the AD sync to Azure AD (currently we do not sync on-prem AD devices to Azure AD, and write-back from Azure AD to on-prem AD is disabled).

I already tried a "pre" project of Intune/Autopilot with only an "AAD join" configuration and it worked fine, but the "Hybrid AAD join" makes trouble with the installation of the Intune Connector.

Does somebody also have the issue? or a solution for this problem?

Why can't I authorize guest users?


I want to assign licenses to a guest user. Prompt:

AAD Error Details

Licenses not assigned

License cannot be assigned to a user without a usage location specified.

I cannot find where to set the location.

I need help~


AD B2C Step Up Authentication


I have two sign-in policies residing in the same B2C tenant, one with MFA disabled and one with it enabled. I want the sign-in policy with MFA enabled to be used for step-up authentication, i.e. if a user has already logged in with his username and password (via a policy), it should only prompt him for MFA, not for his username and password once again.

The behavior I have observed is that sometimes the user is prompted to enter his credentials and sometimes he is only prompted to verify his phone number (roughly every alternate time). Is there something I can do to make sure the user is never prompted for username and password. (FYI both policies have the same Identity Providers, Claims and SSO/Token config)

dsregcmd: What is Enterprise Joined ?


Hi,

I was asked what exactly is the option "Enterprise Joined = no/yes" on the Device State of the output of dsregcmd /status.

Can someone explain that option, as I can't find any documentation.

/Peter


Peter Stapf - ExpertCircle GmbH - My blog:JustIDM.wordpress.com
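In Microsoft's dsregcmd troubleshooting documentation, EnterpriseJoined is set to YES when the device is registered with an on-premises Device Registration Service (the AD FS DRS used for on-premises workplace join), as opposed to AzureAdJoined, which is YES for a device registered with Azure AD; a device cannot be both, and DomainJoined reports the classic AD domain join independently of either. As an added example (not part of the post or of dsregcmd itself), the following Python parses the boxed `Key : Value` layout that `dsregcmd /status` prints and classifies the join type from those three flags. The two sample outputs are constructed, trimmed to the fields used here.

```python
import re
from typing import Dict

# Constructed samples in the layout dsregcmd /status prints, trimmed to the fields used here.
HYBRID_JOINED = """
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : YES
"""

DRS_JOINED = """
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : YES
              DomainJoined : YES
                DomainName : CONTOSO
"""

SECTION = re.compile(r"^\|\s*(.+?)\s*\|$")          # "| Device State |" header rows
FIELD = re.compile(r"^\s*(\S[^:]*?)\s*:\s*(.*?)\s*$")  # "   Key : Value" rows


def parse_dsregcmd(output: str) -> Dict[str, Dict[str, str]]:
    """Group 'Key : Value' lines under the boxed section header that precedes them."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in output.splitlines():
        m = SECTION.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def join_type(sections: Dict[str, Dict[str, str]]) -> str:
    """Classify the device from the Device State flags (meanings per Microsoft's dsregcmd docs)."""
    ds = sections.get("Device State", {})
    aad = ds.get("AzureAdJoined") == "YES"
    ent = ds.get("EnterpriseJoined") == "YES"  # registered with on-premises DRS, not Azure AD
    dom = ds.get("DomainJoined") == "YES"
    if aad and ent:
        return "inconsistent: cannot be both AzureAdJoined and EnterpriseJoined"
    if aad and dom:
        return "Hybrid Azure AD joined"
    if aad:
        return "Azure AD joined"
    if ent:
        return "On-premises DRS (enterprise) joined"
    if dom:
        return "Domain joined only"
    return "Not joined"


if __name__ == "__main__":
    for sample in (HYBRID_JOINED, DRS_JOINED):
        parsed = parse_dsregcmd(sample)
        print(parsed["Device State"], "->", join_type(parsed))
```

Run against real output (`dsregcmd /status` redirected to a file), the same parser gives fleet tooling a way to spot devices that report EnterpriseJoined = YES after a migration from on-premises DRS to Azure AD, which is the case where this flag usually matters.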


