Channel: Azure Active Directory forum
Viewing all 16000 articles

Azure Domain Join Error 80180018


Hello,

I'm getting a "There was an error with your license" error after choosing to join an Azure AD Domain, then entering credentials and choosing "Join" at the prompt.

I'm tempted to disable Intune, but need to ensure that Windows Hello is disabled, and would like to be able to define that OneDrive folder redirection is automated (PowerShell script).



Custom Domain and mail account.

I have a customer domain with mailboxes provided by traditional domains server. I couldn't find any Mail Account Solution for a custom domain in Azure, can anybody help me?

Invalid username or password or Invalid on-premise username or password.


We've just integrated Azure AD in our environment; however, we found out that there are a lot of users unable to log on due to multiple logon attempts. Is there any way we can exclude a certain group from the block or unblock an individual user quickly?

Appreciate the advice. Thanks. 

Azure ADFS - Single Enterprise App, multiple backend APPs


Hi

Is there a way to wildcard the enterprise app SSO setup?

I.e. I have a number of apps that can be spun up and torn down at will by our users. However, I need to ensure that the users use their Azure AD logon details to log onto these servers.

Now I can templatise the app setup (including ADFS etc.), however I don't want to have to set up each cluster with a separate Enterprise app, logon point etc. So

Can something like x.app.com has callback x.callback.com and y.app.com has a callback of y.callback.com be set up via 1 enterprise app setup?

Let me know

Thanks

User attribute synchronization between AAD and Salesforce


Hello, 

Is there any way to synchronize user attributes like "Job Title" between Azure Active Directory and Salesforce?

Can I disable a Risk Event in Azure AD Identity Protection?


Is it possible to disable a Risk Event? I'd like to disable the 'Sign-ins from anonymous IP addresses' risk event and it does not apply to our organization

Thx

"Authentication Method" claim values when AAD is the IdP in a SAML federation and MFA is required.


Hi,

I cannot locate a Microsoft document that will tell me the range of possible values that Azure AD asserts as an IdP in the "Authentication Method" claim in the SAML Assertion.

In particular I want a SAML assertion/claim that will tell the Service Provider that the Azure AD user authenticated with MFA.

Any help appreciated.

Thanks,

David.


Azure active directory for redundancy for AD?


Delay password write back function with AzureADConnect

I enabled password write back function with AzureADConnect, but it takes more than 5 minutes for password synchronization from AzureAD. I want to investigate the cause. Please tell me how to take logs.
Is the password write back function using PCNS?
In that case, can I see the log of internal operation by raising EventLogLevel of PCNS? Please let me know if you know more information.

Editing a Custom Attribute for a User in Azure AD B2C


I have an Azure AD B2C Tenant. I created a custom attribute called SUBSCRIBER. The value for this field won't be completed by the user when he signs up. It will be added through the Azure Portal. The Admin will log in to the Azure portal, go to the AD B2C users, select the user and then update. But I don't see this custom attribute in the PROFILE view of that user.

How can I update the SUBSCRIBER for any user? What settings do I need to use to show this SUBSCRIBER field in the profile view so I can update it for customers? If I can't do that, which API should I use to update the customer's fields after the user has been created?

Delay password write back function with AzureADConnect

I'm sorry if I am asking in the wrong forum. (Please tell me the appropriate forum)
I enabled password write back function with AzureADConnect, but it takes more than 5 minutes for password synchronization from AzureAD. I want to investigate the cause. Please tell me how to take logs.
Is the password write back function using PCNS?
In that case, can I see the log of internal operation by raising EventLogLevel of PCNS? Please let me know if you know more information.

Suddenly unable to access several resources that I know I could previously access


Hi guys!

I'm wondering if what I'm experiencing could be related to our Azure AD P1 trial expiring.

I can no longer access the following sections:

-Azure AD Connect Health status

-Azure Users Sign-ins

-Azure Intune

Also, today while trying to enroll a regular PC on Autopilot I got a very general error message that stopped me from continuing with the initial installation wizard.

Access denied messages I get on sections I was previously able to access:

Thanks in advance for any light I can get about this ( :

Regards,

Lennart


Lennart!

Mobile users, especially iOS, prompted for password after we use Azure AD


We have a hybrid environment in which our AD is synced to Azure AD and our users are using SSO from Azure AD. Since we got rid of the ADFS server and started to use Azure AD, we have users complaining that they get a password prompt on their mobile very often. This is happening after we switched to Azure AD.

I've tried to configure conditional access to recognize the trusted location in our environment, however I'm not sure whether I'm doing the right thing. Can anyone out there provide me with guidance and direction on how to resolve the issue in our environment?

Appreciate your help out there. Thanks. 

Can't give send on behalf access for a shared mailbox to shared mailbox

I am getting this error when I try to give send on behalf for a shared mailbox to the users.

Trying to set MaxInactivetime for refresh token


I tried setting MaxInactiveTime by using this definition:

-Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"01:30:00","MaxAgeSingleFactor":"1.00:00:00"}}') -DisplayName "WebPolicyScenario"

As per my understanding, MaxInactiveTime defines how long a user can stay logged in even without using the refresh token to get a new access token after the access token expires.

If I am correct, in this scenario it should not ask for login within 30 min after my access token expires (60 min is the lifetime of the access token).

Only after 30 min should it ask me to log in, but it's not happening like that: it asks for login even if I stay for 1 min with an expired access token.


Possible solutions available to have partial replica of AD instead of having full writable DC on Azure

We are extending our infra on Azure cloud and requesting your recommendations on the following points about AD extension.
 
1. Best practices for AD extension to cloud for authentication/authorization to infra servers, Applications SSO.
2. Possible solutions available to have partial replica of AD instead of having full writable DC on Azure cloud.

How to authenticate a user using the Cordova MS ADAL plugin when the app is set as device compliance required in Azure Active Directory Conditional Access?


I have a Cordova application in which I am using the Cordova plugin (cordova-plugin-ms-adal) for the Active Directory Authentication Library (ADAL). I want to authenticate the user using the Single Sign On feature of Microsoft Azure. The scenario which is working fine for me now is the following. Working scenario: using the plugin as:

var authContext = new Microsoft.ADAL.AuthenticationContext("https://login.windows.net/common");

authContext.acquireTokenAsync("https://graph.windows.net",ClientID, 'msal9314af11-xxxx-4058-xxxx-9f7e60c3d9d5://auth', '', '')

And in the response I am getting the token and token expiry date successfully:

console.log("Token acquired: " + authResponse.accessToken);
console.log("Token will expire on: " + authResponse.expiresOn);

From the above I am able to access the web APIs, which are also hosted in Azure Active Directory.

Failed scenario: using brokered authentication for Android with the MS ADAL Cordova plugin, I set the code below:

Microsoft.ADAL.AuthenticationSettings.setUseBroker(true); 
var authContext = new Microsoft.ADAL.AuthenticationContext("https://login.windows.net/common");

authContext.acquireTokenAsync("https://graph.windows.net",ClientID, 'msauth://PackageName/base64EncodeString', '', '')

And in the response I am getting the token and token expiry date successfully:

console.log("Token acquired: " + authResponse.accessToken);
console.log("Token will expire on: " + authResponse.expiresOn);

Using Microsoft.ADAL.AuthenticationSettings.setUseBroker(true); I am getting "Enroll Device" when I sign in to my Microsoft account because the user is set in a Conditional Access policy for device compliance. I enroll the device and Microsoft Intune is installed on my phone. The enrollment is successful and I get my account to select the next time I open the app, but when the web APIs are called I get the Microsoft sign-in HTML page in return as the response from the web API. The API is not returning the JSON data which is expected.

Intune Administrator - PowerShell Ability


Hi,

I have given users the "Intune Administrator" role and they can obviously administer Intune, but they also need to be able to use PowerShell (Cloud Shell) to back up Intune configuration, make copies of config etc.

What role do they need to do this?

At the moment the Intune Administrators get:

"Need admin approval

Microsoft Intune PowerShell

Microsoft Intune PowerShell needs permission to access resources in your organisation that only an admin can grant."

Thanks.

What are these App Registrations?


I have a B2C Tenant in my Azure account. I registered an application in that tenant which has users. That is working fine.

I go to my default directory\Active Directory\App Registrations, I see the following applications.

What are these applications? I don't see any details when I click these apps. Are these associated with the App Service that I have in my Azure account?

Remote Join Challenges


***Adding an Edit***

I was able to create a VM and successfully join it to the Azure AD Domain. However, when I open Azure AD Administrator I am getting the following error: "Cannot connect to any domain. Refresh or try again when connection is available"

The machine has joined the domain. 

***********************

Hi,

I'm new to Azure AD and have been struggling with join on Linux machines.

I started using Azure AD with Windows machines, where a simple account email ID allowed my office employees to join easily using their Azure OnMicrosoft ID. But this has not worked for our Linux terminals.

I have set up Azure AD Domain Services but I am unable to get the same domain, which is xxxx.onmicrosoft.com, to work. I am getting the error "realm not found".

Can someone please provide me a solution to this or step by step instructions for the same?

Thanks

Sid

