we are trying to make a webpage where user can see all his assigned tasks, pipelines using devops api. The question
as we know azure supports the advanced app service authentication / authorization (EasyAuth) were tokens generally stored and managed from azure once user authenticates the request with azure AAD. so, how can we integrate this to have access the devops api.
Thanks.
Hi
I have and angular project talking to .Net Core 3.0 Web API, authentication Azure AD. Apps setup for both, have followed instructions to expose API and then Grant Permissions. Client app logs in successfully but get this error at the point it trys to call my web api.
Anyone got any ideas?
Regards
Mike
Hi All,
I've added a few apps using Azure as our identity provider and it went fine, this one app I recently added however was working and then all of a sudden I would receive this error upon browsing to the SSO url. Has anyone come across this before? I tried using fiddler but I can't make heads or tails of the error message.
Unknown or Unusable Identity Provider
The identity provider supplying your login credentials is not authorized for use with this service or does not support the necessary capabilities.
To report this problem, please contact the site administrator at root@localhost.
Please include the following error message in any email:
Identity provider lookup failed at (https://www.fakeurl.com/Shibboleth.sso/Login)
Thanks,
Windows10_Allow_Untrusted_MFA | Require multi-factor authentication |
I have setup an app and provided delegate permissions for Mail.Read.Shared and Mail.ReadWrite.Shared. The token I get back from baseUrl/{tokened}/oauth2/v2.0/tokendoes not contain any roles. Can you tell me what is causing this?
Thanks,
Samuel
Is there a way to update the custom properties of B2C users from a native application? From what I can find, we should be using the Azure Graph API, but it appears to require a 'normal' AD application registration and using a client secret. We would like
to be able to update (custom) user properties from our native application, using a token belonging to the user, not a client secret belonging to the application.
Hello, we have an Azure account which has been created a long time ago by previous IT company, which provided services to our organization. We retained the login information of one account, but it does not seem to have all the permissions needed to fully manage all options in Azure portal. Using powershell we did find 2 accounts listed under "Company Administrator" with email addresses ending with .onmicrosoft.com, however, we are unable to login as any of these accounts. Is there a way to add Global admin privileges for the account we currently use to login to Azure, provided, we can prove the ownership of this account.
Thank you.
I can't seem to get ESR to work.
Setting in azure active directory is enabled for selected.
Able to make te Sync settings in windows 10 Pro
but get errors in eventlog/AAD we have MFA enabled.
Could it have something to do with MFA.
Any advice where to look or what to do i am lost.
Regards Marcel
Error: 0x80070005 Access is denied.Walter
Hi,
I want to apply corporate Wallpaper, Screensaver and lock screen in client computers through Intune. Clients are using Windows 10 professional operating system and currently no configuration available for change wallpaper in Intune for Win10-Pro.
That's why I have applied through Powershell script option. below simple commands are run through script file.
For Wallpaper:
Set-ExecutionPolicy Bypass -scope Process -Force
set-itemproperty -path "HKCU:Control Panel\Desktop" -name Wallpaper -Value “c:\Windows\Web\Wallpaper\Windows\wallship.jpg”
rundll32.exe user32.dll, UpdatePerUserSystemParameters, 0, $true
For ScreenSaver:
Set-ExecutionPolicy Bypass -scope Process -Force
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name ScreenSaveActive -Value 1 -PropertyType String
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name ScreenSaverIsSecure -Value 0 -PropertyType String
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name ScreenSaveTimeOut -Value 60 -PropertyType String
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name SCRNSAVE.EXE -Value “c:\windows\Web\Wallpaper\Ethics.scr” -PropertyType String
After run this scripts through intune status is showing successful but not changed anything in Client laptop. Also pls help how to change Lockscreen.
is these correct scripts to change wallpaper, screensaver ?
Please help
Thanks in advance
Hi All,
We have been breaking or brain with the following problem creating Conditional Access Policies to do the following:
Thanks! Dan
Hi,
Does Azure information protection included in Azure AD Premium 1?
Regards,
Kavindu.
I am trying to make a console app in C# through which I want to migrate more than 100000 users to Azure AD B2C.
We are using Graph API for this purpose.
My current approach creates a single user account per API call and it takes more than 12 hours to migrate around 50000 users.
To reduce the overall time I want to send data in bulk instead of one by one using the API. But, I am unable to find any solution for it.
Is there an API endpoint available for creating users in batch. Please help.
Also, If I want to delete these users in batch. Is it possible to do that?
I want to use Azure AD for signing in to the Opsgenie application. As far as I found, there are two ways of configuring Opsgenie application on the Azure AD. One of them is from the Application Gallery and the other one is from the application registration menu. I have tried both of them but couldn't successfully sign in to the Opsgenie application from the Access Panel. I am able to successfully log in to the application from the Opsgenie side, so the configuration seems to be correct.
However, when I try to access to the application from Azure, I am not able sign in to the application. Opsgenie shows an error message like "No SAML response was provided". Then I checked the HTTP request sent from Azure to Opsgenie, and I couldn't see any SAML data in the request. I wonder why I am not able to use IdP initiated SSO with Opsgenie and Azure.
I have a few questions about this issue.
- In the Opsgenie configuration tutorial from Azure AD, it is written that Opsgenie supports SP initiated SSO. However, I have seen other apps whose Azure configuration docs say "Both SP and IdP initiated SSO is supported". May I ask why Azure
does not support IdP initiated SSO for Opsgenie? I ask this here because it is only written in Azure docs. There is no such information about this on the Opsgenie documentations.
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/opsgenie-tutorial
- This document says that I need a "Subscription or Azure AD Premium" to use SAML SSO. Does this mean I need an Azure AD premium account to use IdP initiated SSO. Might this be the reason why I am not able to sign in from Access Panel?
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications
- I saw that legacy app registration menu support will end this month and new one does not support URLs that include query parameters. Thus I have configured my application by using the legacy app registration menu. My question is, will an application continue to work after the legacy support ends, if it is configured with a URL including query parameters. This question is related to already configured applications. I know that new applications will not be configured using URLs with query params.
Thanks!
When I first tested out Windows Autopilot + Microsoft InTune following the steps in
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm
I was able to successfully join a Windows 10 Enterprise VM operating in my home computer (Hyper-V), but the deployment profile initially defined new users as standard. I was thus unable to perform any admin-level activities (e.g. System properties config sections)
On a second Windows 10 Vm operating within our company Hyper-V server, the deployment profile was adjusted to let new user be administrator type. My colleague tested the Autopilot process on that VM. Subsequently, I signed into that VM as well, but noted that I being the second user was considered a standard user as well.
My colleague (global administrator for Azure AD) adjusted the domain devices settings, enabling the [Additional local administrators on Azure AD joined devices] policy and declared my user account as part of that group.
It's been nearly 24 hours and the policy does not appear to have flowed through to the computers despite multiple sync attempts. When signed in as my account, I still get challenged for administrator credentials. Are there still additional configuration steps we missed? Or does this particular policy take an awfully long time to sync and take effect?
The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral
When I first tested out Windows Autopilot + Microsoft InTune following the steps in
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm
I was able to successfully join a Windows 10 Enterprise VM operating in my home computer (Hyper-V), but the deployment profile initially defined new users as standard. I was thus unable to perform any admin-level activities (e.g. System properties config sections)
On a second Windows 10 Vm operating within our company Hyper-V server, the deployment profile was adjusted to let new user be administrator type. My colleague tested the Autopilot process on that VM. Subsequently, I signed into that VM as well, but noted that I being the second user was considered a standard user as well.
My colleague (global administrator for Azure AD) adjusted the domain devices settings, enabling the [Additional local administrators on Azure AD joined devices] policy and declared my user account as part of that group.
It's been nearly 24 hours and the policy does not appear to have flowed through to the computers despite multiple sync attempts. When signed in as my account, I still get challenged for administrator credentials. Are there still additional configuration steps we missed? Or does this particular policy take an awfully long time to sync and take effect?
Furthermore, with the second VM, I noticed that my account setup procedure isn't fully complete and am not sure why.
The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral
Hi,
I am working on terms of use in the Azure portal for my Application, I have few doubts to be clarified.
What will be the best way to publish a «on-premise» application into Azure AD «MyApps»?
1- Using the Application Proxy?
2- Create a VPN betwenn Azure and customer site?
3- Put the application in front of the Internet through Firewall and WAF?
We need to consider about 5000 simultaneous users during peak periods.
I know which one is my favotite, but I need the opinions of others...
Many thanks.
Martin R.
What Azure Devops ?
what is required to learn it ?
Does it require scripting knowledge ?
It is just a way of working ?
Can you please help me to correct my understanding ?