Channel: Azure Active Directory forum

Associate Office 365 AD Tenant with AZURE AD


Hello Techies,

I have an Office 365 subscription that was created when I created my Dynamics 365 (CRM) trial version.
I also have a MSDN Enterprise Azure Subscription.
I'm trying to associate the office AZURE AD with my MSDN AZURE Subscription.

Awaiting your valuable inputs.

Regards,
Clement


Pass-through authentication vs. Federated SSO (with AD FS)

Is there somewhere a detailed comparison between the Azure AD Connect (latest version) sign-in options pass-through authentication and federated SSO (with AD FS), with advantages and disadvantages?

Remove unneeded objects from AAD


Hi, 

I've set up our AAD environment and successfully installed the aad connector on a newly provisioned server, as part of this I set up filtering to only sync members of a specific AD group, this all worked without issue.

I then set up a second server to be used as a staging server; however, I didn't have the option to set this up with filtering to tie it down to a specific AD group or to put the server in staging mode (I've since found you need to do a customized install, not an express install, for these options).

As a result, the second server then synced up all AD DS objects to AAD. The problem I am now facing is how to remove all the unneeded objects (i.e. anything not in the AD group I defined).

I have re-installed AD Connect on the staging server with a filter to define the specific AD group, and this is now in staging mode; however, I can't remove all the objects that have synced up.

Does anyone know how to get these unrequired objects in AAD removed?

I've reinstalled AAD connect on the primary sync server to no avail.

I can't see any errors relating to deletion protection, which I have read can take effect when deleting more than 500 objects.

Login to Azure Joined Laptop With Internet-only Network Connection?


If we switch from on-premises local AD to using Azure-joined Windows 10 laptops, will users be able to log into a laptop without cached credentials or with a password that was just reset without needing VPN or Direct Access connections?  

In other words, will the Azure AD domain controllers they authenticate to for device login be accessible from the internet?

If so, what are the requirements to get this type of internet authentication working?


Get AD token using Client certificate

I am trying to use APIs for automation where I am able to generate a Bearer Token using Client ID and Client secret, but we wanted to use a certificate instead of the Client secret. We have created the application and uploaded the certificate. When we try to call "https://login.microsoftonline.com/xxx-tenantid-xxxx/oauth2/token" along with client id, client assertion, client_assertion_type, scope and grant_type, we are getting the below error.



 "error_description": "AADSTS50027: JWT token is invalid or malformed.\



Could you please provide your inputs. Thanks


create AD account on domain services

Recently enabled Azure AD Domain Services. I want to create an account that does not have an email address and can run services on a Windows VM. I have cloud-only AD (no domain controllers on premises). Where do I create the account: in dsa.msc or in AAD?

Adding Cortana channel from account inside company Active Directory


Hi there,

I want to create and test a Bot with a Cortana channel from inside my company AD. Unfortunately, I am not able to add the channel:

You are signed in using Microsoft AAD account. Please note that Cortana Skill development is not supported for this account type. Please use an MSA account to login and continue development of the skill

I am not sure how to overcome this problem. Can anyone help me with that issue?

Cheers
Nils

PKI for Azure AD?


We have an on-premises AD with a local PKI that we mostly use for user and device certificate-based authentication for various things such as wifi and VPN, and to create SSL certificates for some intranet websites.

If we completely move to Azure AD (not hybrid AD), I don't understand how we would generate computer and user authentication certificates.  I suppose we could purchase web server certificates from a public CA for the intranet, but web server certificates are tiny percentage of the total certificates our PKI produces.

What solution is available other than keeping a hybrid AD instead of full native AAD?



Java client calls to Azure APIs


Hi everyone

My business case is a mobile app (Android and iOS) that will be calling Azure APIs (and maybe Windows Server 2016) to send a CSR request and obtain a certificate for the user seamlessly. I've done some searching and found the "Certificate enrollment web service" and "MIM CA" APIs. Also, I've read that one of the mentioned APIs is REST based.

I need help in determining what the right API is for my case on both Azure and Windows Server 2016. I would also like to have sample code for the consumer in Java, since I've searched a lot and didn't find any.

Awaiting your feedback

Thanks


Unable to join Azure Windows VM to an “Azure AD Domain Services” domain


I am having difficulty joining an Azure Windows Server 2016 VM to an “Azure AD Domain Services” domain. I think the problem may be that I am not getting my credentials entered correctly when I get prompted for the name and password of an account with permission to join the domain. I have referenced the following document to assist: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-join-windows-vm-portal

Per this note in the document I have tried both the UPN and SAM account name format but I always get “the user name or password is incorrect”:

Tip - We recommend using the UPN format to specify credentials. If a user's UPN prefix is overly long (for example, joehasareallylongname), the SAMAccountName might be auto-generated. If multiple users have the same UPN prefix (for example, bob) in your Azure AD tenant, their SAMAccountName format might be auto-generated by the service. In these cases, the UPN format can be used reliably to log on to the domain.

Domain name is like: thisnamexxxxxx.onmicrosoft.com (14 characters prefix the “.onmicrosoft.com”)

User name is like: myname@whatever.com

When the credential dialog box comes up I have tried all of the following:

  1. Domain listed in box: thisnamexxxxxx.onmicrosoft.com, username: myname
  2. Domain listed in box: thisnamexxxxxx.onmicrosoft.com, username: myname@whatever.com
  3. No domain listed in box, UPN format: myname@thisnamexxxxxx.onmicrosoft.com
  4. No domain listed in box, UPN format: myname@whatever.com@thisnamexxxxxx.onmicrosoft.com
  5. No domain listed in box, SAM format: thisnamexxxxxx.onmicrosoft.com\myname
  6. No domain listed in box, SAM format: thisnamexxxxxx.onmicrosoft.com\myname@whatever.com

None of these work.... They all get a NetJoin 1326 error (the user name or password is incorrect)

- thisnamexxxxxx.onmicrosoft.com is listed as my default directory
- I have enabled password synchronization as these accounts are Azure AD only accounts.
- I am using an account that is in the AAD DC Administrators group
- I have verified and re-verified I am using the correct password....
- I have searched and read many answers to this question but can’t seem to find the needed solution

Any help would be greatly appreciated. Thanks.

While deploying two application authenticated using Azure AD on a single IIS server, Authentication page keeps on looping infinitely


I have created two .NET applications having Azure AD authentication. I have deployed both of them on the IIS server with different ports for HTTP and HTTPS.

1st Application: Deployed on HTTP Port 80 and HTTPS Port 443 with the Redirect URL of app1.xyz.com

2nd Application: Deployed on HTTP Port 88 and HTTPS Port 9443 with the Redirect URL of https://app2.xyz.com:9443

While authenticating a user for 1st Application, Authentication flow is working fine where the user is redirected to Login Page and after successful login, the user is redirected back to the application URL.

When authenticating a user for the 2nd Application, the authentication flow is not working: the user is redirected to the Login page and it keeps looping infinitely on the login page.

Could anyone please share your comments/suggestions on the above issue?

Can't verify custom domain name


I've set up a custom domain (matching our corporate domain) in Azure Active Directory. I have registered the TXT and MX records as required and can see these when I complete a DIG lookup or similar; however, Azure can't verify the domain.

After looking at various posts, this could be a shadow domain or the domain is already in use.

I don't believe we already have a domain set up, as I would likely be the one that would set it up.

Is there anything I can check to get the Azure verify problem resolved?

MFA woes after moving country and losing phone.


Hi,

I'm aware I probably won't like the answer however I have to try. I have an Office 365 E3 subscription which has a single member, me. The admin and user accounts both have MFA enabled and I've recently moved countries (last week), then lost my phone. This means I have zero access to the registered phone number or the codes that are normally generated within the app.

Totally stupid of me not to immediately update to locally accessible numbers etc, and I accept that. I've tried raising a support ticket with MS, but I need to log in to do that. I need to be able to receive the code via email (this still works through app passwords etc) but I can't find any other way of logging in and was hoping someone had a similar experience and can explain how they went about fixing it. I know I probably need to reach out to Microsoft, I just don't know where or how to start, or even if they will help me.

Any suggestions welcome.

ta,
Justin

AAD group expiration policy and O365 retention labels


Hi all,

based on this article (https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-lifecycle#how-office-365-group-expiration-works-with-retention-policy) it seems that teamsite with applied retention policy will go in some kind of hidden retention container when it has expired.

Does the same apply to teamsites which contain content which was labelled with Office 365 retention labels?

I was testing it with a team containing labelled content. It expired after 30 days and was soft-deleted. In that phase I could still do a compliance center content search for labelled content. After I permanently deleted the group from AAD I couldn't find the labelled content anymore. Is that only because I manually deleted that group from AAD, or will that also happen if I had waited another 30 days to let the group completely vanish?

Does someone have an idea how to speed up retention testing with AAD group lifecycle? Right now it seems to take at least 60 days to do a test scenario.

best regards
Patrick

How to enable "Automatic" option on the registered (non-gallery) apps on Azure?


I have registered an Enterprise application and have shared it with some other Azure tenants (non-gallery) and I want to enable auto provisioning for them, but the "Automatic" option is not available. How do I enable it without implementing a gallery app?

I have implemented SCIM APIs and tested it with a normal Enterprise app described below and it works fine:

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups

But there is no option for registered applications. How do I do it?


Azure Identity Protection missing options from Sign-in Policy controls


Hello!

Started playing with Azure Identity Protection and noticed that I do not have same options for controls that the MS docs site has: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy

Image: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/media/howto-sign-in-risk-policy/13.png

I only have "Require Password change" under User Risk policy when allowing access
And only have "Require multi-factor authentication" under Sign-in risk policy when allowing access

AAD Connect does not synchronize hash password with Linux server with Samba 4


Hello guys. We are experiencing problems in the following scenario: We have a Linux server with Samba 4 configured as Active Directory, where we need to synchronize users to the Microsoft Office 365 AD. We are trying to use the AAD Connect tool; the software can synchronize the objects with no problems, but the password hash is not being synchronized. We configured AD Connect to synchronize only a single OU (Organizational Unit) of our local AD, which has only 2 user objects. We have already activated the AD Connect debugging log (miiserver.exe.config file) to verify what is happening, but analyzing it, it seems that AAD Connect is constantly restarting reading all objects from the local AD, and does not synchronize the password, even when configured to synchronize only a single OU. If we force a synchronization with the troubleshooting option of AAD Connect for a specific user, then the password is synchronized with no problems too.

Does anyone have any idea what is happening?

Thanks

User work titles do not update in Slack


We are using Azure AD SSO in our Slack workspace and the job titles are not being updated after being changed in Azure AD. In AAD they are updated but the change is not being moved over to Slack. I have added the "title" attribute using the user.jobtitle attribute in the Azure SSO settings for Slack. According to the Azure portal page this should "Edit the user information sent in the SAML token when user signs in to Slack."

I attempted the "Clear current state and restart synchronization" option but it did not help. Slack support sent this to me after I did that: "I'm seeing the same thing - the latest provisioning request for that profile only included the "Display name" attribute and nothing else (same with the other users)."

Any thoughts on how we can get these titles updated?

AAD Group Policy testing without on premise AD servers


Hi,

I am testing a trial on Azure AD, testing the feasibility to use it for around 100 odd end user devices.

Is there any way to deploy group policies from the Azure AAD to end user devices running Windows 10 that are joined to AAD, without having on-premise Active Directory servers?

If there is a way to get this done, please detail on how.

Thank you in advance,

Tam

Group policy


Hi,

I am testing a trial on Azure AD, testing the feasibility to use it for around 100 odd end user devices.

Is there any way to deploy group policies from the Azure AAD to end user devices running Windows 10 that are joined to AAD, without having on-premise Active Directory servers?

If there is a way to get this done, please detail on how.

Thank you in advance,

Tam
