Hi,
I am having trouble with receiving the SignIn Logs of Azure Active Directory to a storage account through Azure Active Directory Diagnostics Settings. I enabled the P2 trial license and then configured the storage account to get sign in logs as well but they are not coming. I have tried disabling and then enabling again as well after some time but nope. Could you please check?
Directory ID -- 2dfc6a32-d03c-4504-8d69-f08da326f294
Any idea what is happening?
Thanks,
Pranav
Hi,
Is it possible to get the authorization logs from the Azure Active Directory or Azure?
I am looking for logs which get produced when one person (who doesn't have the permission) tries to perform an operation
which he is not supposed to do. For example, a Key Vault Contributor trying to change the Web App settings. Can I get those logs? Any way?
Thanks,
Pranav
I have Web api which is used by may applications. Now for some analytics purpose need the app name which is calling my web api.
All applications which are calling my web api are registered in AAD. All clients call my web api with a application generated token. I can get the app id from claims.
I had a solution but i dont want to maintain appid-appname in my config file as these will be changed from environment to environment and its hard to maintain for growing number of clients.
Hello,
I hope someone can confirm for me if I am out of luck on my issue. My current setup has my on-prem Active Director replicated to Azure AD via Azure AD Connect. Then I have a hybrid setup between my on-prem Exchange 2013 and Exchange Online. Now some of my users are starting to use new products such as Microsoft Teams and one of them went to update their profile picture on-prem which at this point is up to date.
In Azure AD the picture is still the old one. Now researching online I see it says that the Azure AD profile picture is only initially synced from my Active Directory and then never again. I further find articles talking of updating the picture in Exchange Online which will show up else where within Office 365 and Azure AD. My issue is this user is not currently setup within Exchange Online for their email as they are still an on-prem user. Is my user simply out of luck until I can move them to Exchange Online?
Nicholas
Hello!
I was using https://docs.microsoft.com/en-us/azure/active-directory/develop/sample-v1-code#daemon-applications-accessing-web-apis-with-the-applications-identity to test automation with service principals and hit a road block.
When the value of key="todo:TodoListBaseAddress" in app.config file is changed to the URL of the web api it fails with the following error.
System.AggregateException
HResult=0x80131500
Message=One or more errors occurred.
Source=mscorlib
StackTrace:
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at TodoListDaemon.Program.Main(String[] args) in C:\gitClones\active-directory-dotnet-daemon-master\TodoListDaemon\Program.cs:line 82
Inner Exception 1:
HttpRequestException: An error occurred while sending the request.
Inner Exception 2:
WebException: The underlying connection was closed: An unexpected error occurred on a send.
Inner Exception 3:
IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Inner Exception 4:
SocketException: An existing connection was forcibly closed by the remote host
The URL works fine when pasted into a web browser. Can anyone verify that the sample works as intended?
Thanks!
On my Azure account, I enabled Azure Active Directory Premium FREE trial a few weeks back. The trial is for 30 days. When I go to Azure portal and Click on `Azure Active Directory` from left, it does not give any option to find out exactly when the trial had started. I don't recal the exact date I had started the trial and there is no email sent by Azure on my email address on their file for my Azure account.
Question: How can I find out when exactly trial expiration date is so I can discontinue the Azure AD trial subscription because according the above link after the trial the regular rate applies and there is one year commitment (that I do not wat to make). Please help.
UPDATE:
Please note that this is NOT an Office 365 plan. It's a regular Azure plan that you get access to viahttps://portal.Azure.com.
When I click on Azure Active Directory on the left menu of my regular Azure account (not Office 365), I get the following:
When I click on Azure Active Directory > Licenses > Purchased Products,I get the following screen:
And when I click on first row above, I get the following screen:
I keep getting this returned when we try to use the custom page layouts.
Microsoft.Identity.Client.MsalServiceException: AADB2C90047: The resource 'https://carware.blob.core.windows.net/dmslogin/custom-ui.html' contains script errors preventing it from being loaded.
It looks correct if you run the user flow. but when called from out program we get the error. Also.. if you don't use the custom page layout everything works as it should.
CORS is set for the blob storage account.
Here is my custom html.
<!DOCTYPE html>
<html>
<head>
<title>Sign in</title>
</head>
<body>
<div>
<img src="https://carware.blob.core.windows.net/dmslogin/one_line_logo.png" />
<div>
<div id="api">
</div>
</div>
</div>
</body>
</html>
as you can see it really isn't very complex.
Any ideas as to what is going on here?
I really don't know where to post din but since my problem involves azure, I'm going to drop it down here.
Basically, what I am trying to achieve is to create an appointment in my outlook calendar from my WinForm App so I looked if there's an API for that. I found out about the Microsoft Graph. I read some docs and they are redirecting me to an Azure Portal which
I really don't have.
Will you be so <g class="gr_ gr_517 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins replaceWithoutSep" data-gr-id="517" id="517">kind</g> to explain what will be the things I need to get this done.
Also, is this MS Graph API free, Is Azure free?
Regards
I've tried to configure this trust multiple times using Azure AD Connect Wizard and it fails ever time. I tried pasting the output of the install log while trying Federate an Azure AD Domain but it was too long.
Can the trust be created not using Azure AD Connect?
I have automated provisioning set up between Azure AD and G Suite. This works fine, I enter admin credentials for G Suite and authorise Azure AD, then users get provisioned across.
Then a few hours later, I get an email to say that automatic provisioning failed. I log back into Azure, re-authorise the connection to G Suite, and all is well once again.
Surely this can't be right. I thought the whole point of automated provisioning is to automate things, if I have to log into Azure and re-authorise a connection multiple times each day then the purpose is defeated.
What is the recommended approach from Microsoft on dealing with this? Can a Google service account with domain wide delegation be used so that I'm not entering an actual user's credentials? Have I missed something obvious like a tickbox?
This is the tutorial I used to set this up. Specifically see steps 11 - 14. https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-provisioning-tutorial
This is the error I get in Azure audit logs:
I have setup two AD DS forest which are both setup for domain join with Azure Active Directory using AAD Connect latest version.
I have a federated scenario using ADFS 2016 and everything seems to work fine. I now also activated Hello for Business with Key trust scenario, and also this works without detecting any problems.
Because I have ADFS, ADCS and also have services depending on smartcard authentication (certificate auth) I would like to switch Hello for Business to certificate trust instead of Key trust.
So I started checking if everythings is in order to get this working. I noticed the following AadCloudAPPlugin event errors, is there anybody who can explain what general problem I am having here. Or how to fix this.
1081OAuth response error: invalid_requestMike Couwenbergh IT Infrastructuur Architect
Hi All,
We have AADconnect to sync the objects with Azure. version 1.1.882.0
Recently i have noticed most of the Connector space are stopped and changed as Placeholder. So objects are not synced to azure.
Then after executing Full import , then again all the objects are connected to MV.
What could be cause of the issue.? any communication error with AD or Management agent issue.
Also advice how can i avoid such issue in Future.
Regards,
Sridhar
Sridhar
Hi All,
We have one JAVA code written using ADAL4J 1.1.3 version and we make use of Tenant,Client_ID,Resource,username and password to call Host = https://login.windows.net.
This code was running fine on Server for past 1 year but since last few weeks throwing error "MP: exception caught with cause java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" .
Same program is running on my local machine and I am able to fetch Token But on server it is giving error.
Seems we need to add some certficate/root but which one as we already have login.microsoftonline.com certificate deployed.
Thanks...
Our environment has 2 managed domains (abc.net and abc.com) in Azure. some users are configured abc.com domain and some users are configured using abc.net domain. We are using Azure AD and have no link with On-Premises AD.
Can anyone suggest if we need to configure LDAPs then do we need to configure it on both managed domains? if we have to configure LDAP on a device then how can we tell the device to connect using which account (abc.net or abc.com)?
Can we authenticate abc.com users using abc.net service account on the device?
Thanks!
I have a on-premises database, and I need to use Azure AD B2C. AD B2C needs to use data from the on-premises database.
So one way to implement it is to create a new Azure AD from the on-premises database.
The question is that how should I go about creating a new Azure AD and import database schema into the new Azure AD, and populate user data?
Is my thinking above correct?
When setup, we migrate data first, then after migration, we need a sync job to sync the data maybe once every few hours (not sure the interval yet).
Update
Do the two links below only apply for external identity provider, like Facebook, not company azure AD?
What are the difference between these two links?
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-user-migration
Again, Can I use Microsoft Graph API instead of Azure AD Graph API?
https://docs.microsoft.com/en-us/graph/overview?toc=./toc.json&view=graph-rest-1.0
Hi I am looking for solution to fix bug in WSE2016 dashboard. Dashboard version 10.0.0.14393.0.
Users add-in version: 10.0.0.14393.0
In Add microsoft cloud accounts dialog i get error:
The following exception occured in DataGridView:
SystemArgumentException: DataGridViewComboBoxCell value is not valid
To replace this default dialog please handle the DataError event
Any ideas, or temporary workarounds?
Hi,
I was wondering if anyone can advised the best way to migrate Azure Joined windows 10 machines to new tenancy.
Old tenancy is cloud setup. New tenancy has on-site AD with Azure Connect.
Thanks in advance