Hello
Instead of using a Microsoft Account, users may sign in to their PCs with their Office 365 ID (E3 Subscription) and this registers them in Azure Active Directory. So far so good.
Now, how do I manage those PCs?
Hi All.
Is there any possibility to connect Synology NAS with Azure ADDS? I created AADDS properly and from Synology I can see my configuration from Synology devices (check screen)
But when I try to connect using my global admin username / password I receive this error:
I tried many configurations and none is working.
NSG for AADS is configured properly.
Hi,
I used AAD Connect to sync our AD and it works fine.
Now I get the following error when accessing the "All users" list
I only have this problem with 2 users and all browsers.
It works fine for 2 other users.
What I've tried:
- Restart Computer
- Different Browser (IE, FireFox, Chrome, Edge)
- Delete all Browser Data (incl. Cache and Logins)
Dear All,
We have followed and configured the B2C ASP.NET Core application and it works perfectly.
Now, the problem is that after the token lifetime has expired, the application raises a runtime exception. We want to get these tokens again.
Please let me know how to achieve this so we can avoid making the user log in manually.
Thanks
Selvakumar Rathinam
I have registered a multi-tenant application from the app registration section. A user from an external tenant consented to the permissions and signed in. In the doc it is written that after consent the Service Principal of the Application has to appear in the user's enterprise applications list. But it doesn't work. The user from the external tenant cannot see the application that he consented to in his external tenant.
Thank you!
Hi,
We have what I think is called a managed on-prem domain with a routable UPN (our on-prem UPN is the same as username and mail address in AAD/O365). We use Azure AD Connect where we have configured SCP, and we do not have AD FS. We want to implement hybrid AAD join and use Intune without Config Manager to manage our Windows 10 devices. According to the support matrix below, it seems like we actually do not have a supported environment for our goal? Can someone confirm or clarify what the supported scenarios are?
Type of on-premises AD UPN | Domain type | Windows 10 version | Description |
---|---|---|---|
Routable | Federated | From 1703 release | Generally available |
Non-routable | Federated | From 1803 release | Generally available |
Routable | Managed | Not supported | |
Non-routable | Managed | Not supported | |
Source: https://docs.microsoft.com/en-gb/azure/active-directory/devices/hybrid-azuread-join-plan
Hi,
I have recently set up a new local Windows Server 2019 running as domain controller. We are a small company with a good handful of users.
Previously I had a SBS 2012 that used to be linked to Office 365, but that link somehow died during an upgrade process a year ago, and since then passwords have not been synced from AD to Azure/office 365.
On the new server I created the new user accounts on domain ABC.local, and have set up ABC.ch as UPN suffix in the AD Domains and Trusts. When syncing now to Azure it can not link the local AD users to the original existing users in Azure/office 365 with the same user names. Instead I get an error for the 5 accounts saying they might already be connected to local accounts referencing https://docs.microsoft.com/da-dk/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync.
Could this be a link to the old SBS 2012 server that needs to be broken from office 365? I read about the soft linkage to azure/office 365 and I have entered email address that is the office 365 user names and changed the Account tab in AD Users and Computers to read username and then @ABC.CH as the email address would be on Office365.
Any ideas on how to get the existing local and existing azure/365 user connected?
Thanks,
Lars
Hey everyone, just a quick question: we have a client who purchased another client, both on Office 365.
The newly purchased client has all his computers joined to Azure AD and BitLocker enabled. Just want to be sure, but what we will propose to do is
Azure AD:
Create a local admin account
Disconnect from old AAD
Log in as local admin
Connect to new AAD (this will be the onmicrosoft domain till we migrate the emails; after we migrate and add the domain to the tenant this should automatically switch from onmicrosoft to domain.com)
BitLocker: they are not using Intune
I would assume disable BitLocker from the control panel on each computer
then re-add it to the new tenant
thanks for all the help
Hello,
Has anyone solved the issue where you get:
"Set-AIPAuthentication : Unable to authenticate and setup Microsoft Azure Information Protection At line:1 char:1 ..."
when trying to get the security token using the parameters -webAppId -webAppKey -nativeAppId for AIPScanner?
I am using a demo tenant (m365xxx.onmicrosoft.com) and a test domain (testdomain.local).
The two apps have been created in AAD following the documentation.
My local AIP service account is synced via ADConnect and has local logon rights to my AIPScanner server.
I am running Set-AIPAuthentication with PowerShell running as my service account.
If I run *just* the Set-AIPAuthentication cmdlet, I am asked to provide credentials (service account), and I get a token.
If I run with *any ONE parameter* it seems to work.
If I run with *any TWO parameters* it seems to work.
If I run with *all THREE* parameters, I get the error.
I noticed someone else has a similar posting, with no resolution. Has anyone found the explanation for this error?
Thanks!
Hi,
I'm looking to use Azure AD Client Credentials to secure server-to-server requests using the v2.0 endpoints.
However, I've noticed that the scope parameter doesn't actually take in a scope but rather the app ID reference appended with /.default which forces you down the permissions route. You end up with roles in the token instead of scp (scopes).
It feels as though Azure AD have followed the correct OAuth URL formats for the token exchange but deviated away from the actual parameter information.
Is there a way to pass in actual scopes that the service requires instead of the /.default?
Hi Team,
Can you please guide us on how we can use PTA (Pass through Authentication) as a backup for PHS (Password hash Synchronizing)? Thanks
Dhaneswar
Hi Team,
I have configured Azure Self Service Password Reset on my hybrid infra, but when I reset a password through the "https://aka.ms/sspr" link I get the error "This password does not meet the length, complexity, age, or history requirements of your corporate password policy." I have assigned a P2 Azure AD license. Please suggest what I am missing.
Thanks Devendra B2-Consulate(Capgemini)
Tried multiple times to create a new Domain service, but it fails with:
"statusCode": "GatewayTimeout", "statusMessage": { "error": { "code": "GatewayTimeout", "message": "The gateway did not receive a response from 'Microsoft.AAD' within the specified time period.
Dear Team,
Please help us understand whether we can push Group Policies to Azure AD joined machines using Azure AD Domain Services.
I can push policies to Azure VMs which are joined to the domain, but when I tried to push the policies to clients which are Azure AD joined machines, the policies are not working.
Hi All,
We are trying to overcome a situation where we need to delete the users from the Azure B2C directory who have not logged in for more than 90 days. I am using the Graph API, but it returns me the login history for max 30 days.
All searches I made direct me to audit logs of Azure AD and not B2C (I presume they are not the same). The Graph API that I found for B2C was also for audit logs and not just the sign-in logs, and it is only in the beta version of the API.
I need either help or alternatives on how this could be achieved. Thanks in advance.
Is it possible to create a console app using ADAL that prompts the user for login details, i.e. the Microsoft login screen is displayed?
I want the user to enter their details and their token to be returned when I call AcquireTokenAsync.
Or is this an anti-pattern for security reasons?
An AD Group is assigned a role (say Reader for a particular Subscription) and then a member (user) is added to the group.
Now when the user logs in to the Azure Portal, he gets assigned the same role as the group to which he belongs. Say after he signs in to the portal, I remove him from the group (by calling the API or through the CLI), why don't his permissions get revoked?
We have our Office 365/Azure EA account with a few subscriptions and many resources there. It also integrates with our Active Directory.
We recently acquired another company that also has an Azure EA account with their own subscriptions and many resources there as well. They also have Azure DevOps (TFS) and are using their source control and pipeline there. This integrates with another AD.
After the acquisition, we would like to start thinking about merging these 2 Azure accounts together for tracking and management purposes, but I'm not sure if it is possible to do so, especially as they're integrated with 2 different Active Directories.
Has anyone had this situation before, or does anyone have a suggestion on the best practice to handle this? Microsoft must have had customers like this before.
Thanks