Dear All,

We are using a configuration policy in intune in order to dissallow copying any data in removable media if are not encrypted with bitlocker.

Is there any way to store the encryption keys in Azure AD (currently the only options are to save o rprint the recovery key)

Kind Regards,

After installing Azure AD Connect and importing the PowerShell module ADSync the cmdlet "Get-ADSyncConnectorRunStatus" is not present. It is mentioned repeatedly in various blogs so I am at a loss why it should not be present.

I  have "googled" it but the closest I have got to an answer is a https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler> covering the missing "Get-ADSyncScheduler" cmdlet.

Any advice would be welcome. I really need to use a remote script to test if a connector is still running.

Kevin Gallagher

Hi all,

Lets start with my 'end goal'

#End goal

My goal is to use the Azure Active Directory app to read and write SMIME certificates to Azure Active Directory so that all users withing the company can use the certificate in Outlook or Exchange Online.

I don't know for sure if that is possible so that is why I started with 'Getting access to MailboxSettings'. Even that seem to be a bridge to far with the current documentation.

#8 mile road

The documentation is absolute crap. Not really Microsoft standards. I am writing a piece of code to update MailboxSettings by using the Microsoft Graph API. At least that was the plan.

I created an App in Azure, added all the "application permissions" that I could possible think off. Granted permission by Administrator within the Azure Active Directory dashboard.

Step 1) Getting the access_token by following the client_credentials flow. So far so good. I can access my profile and from other users within the Azure Active Directory.

Step 2)..............#fatal_error. I found 3 references to MailboxSettings. In Office365 API, ExchangeOnline API and Microsoft Graph API............Okeeeeeeeeeeeee. That makes things a whole lot clearer......#nope

A) There is no explanation at all that you actually need an Office365 subscription to even use the API.

B) There is no explanation when and how MailboxSettings are accessible. I discovered that You need to add Office365 subscription to a user to enable Mail.Office365.com access. Then it takes a while before you can even access the account through the API. No explanation whatsoever!

C) So, now finally I can access the account through the Office365 API. After discovering that you need to request an access_token by changing the scope to "https://outlook.office365.com/.default" or "https://outlook.office.com/.default".

The image below tells me 'Mail is not part of'

At this moment I am out of options. Can someone point me in the right direction? To be specific:

1) What endpoint do I need

2) What scope is used for what endpoint and/or settings

3) Where can I find specifics about which direction Microsoft is actually heading? At some pages I read 'Microsoft Graph API' will be the main entry point but then I want access specific data and you get a message "Sorry not supported yet, go to <other api>'.

4) What resources are accessible with what subscriptions? There is absolutely NOTHING documented about this.

5) https://docs.microsoft.com/en-us/graph/api/message-get?view=graph-rest-1.0&tabs=http The only actual usefull way of documenting API's. However, its limited to "ME" and there is no endpoint for 'MailboxSettings'. The 'beta' API does have this option. https://docs.microsoft.com/en-us/graph/api/user-get-mailboxsettings?view=graph-rest-beta&tabs=http Hoever, there is no explanation in requirement, subscriptions, whether or not Outlook.com users, Live.com user or only Office365.com users are able to be updated. How can I access this?

6) Eventhough my app has: 

And I request an access_token by using the "client_credentials" flow with scope set to https://graph.microsoft.com/.default. I can not list the users. I get the message:

https://graph.microsoft.com/beta/users/

Hi Team,

I need to establish a connection using Alteryx to Dynamics CRM.

For that I need to register an application and have tenant id client id and secret key.

So I created an application using  howto-create-service-principal-portal#create-an-azure-active-directory-application. assigned owner role also.

I got the following error.

AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration.

Please suggest the solution.

Thanks,

Sai Teja

Hi!

We had an employee started a Azure AD and was automatically the global admin for that. Now he no longer works for us and Im supposed to continue the work he started. But Im only a user and there is no other global admin or high priviligies user created. Is there a way to make me a global admin?

Or is there a way to delete the directory to start from scratch?

Cheers!

Johan

Now doing as suggested, contacting MSDN and providing this info:

[09:11:30.954] [  1] [INFO ] 

[09:11:30.955] [  1] [INFO ] ================================================================================
[09:11:30.955] [  1] [INFO ] Application starting
[09:11:30.955] [  1] [INFO ] ================================================================================
[09:11:30.955] [  1] [INFO ] Start Time (Local): Wed, 01 Mar 2017 09:11:30 GMT
[09:11:30.955] [  1] [INFO ] Start Time (UTC): Wed, 01 Mar 2017 09:11:30 GMT
[09:11:30.956] [  1] [INFO ] Application Version: 1.1.380.0
[09:11:30.956] [  1] [INFO ] Application Build Date: 2016-12-28 22:06:30Z
[09:11:30.956] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (9504b04)
[09:11:31.401] [  1] [INFO ] App Properties/Metrics:
[09:11:31.402] [  1] [INFO ]    Runtime.Start=2017-03-01T09:11:30+00:00
[09:11:31.402] [  1] [INFO ]    Application.Version=1.1.0.0-1482962790
[09:11:31.402] [  1] [INFO ]    Application.IsDebugBuild=False
[09:11:31.402] [  1] [INFO ]    Environment.OperatingSystem.VersionString=Microsoft Windows NT 6.2.9200.0
[09:11:31.402] [  1] [INFO ]    Environment.OperatingSystem.Platform=Win32NT
[09:11:31.402] [  1] [INFO ]    Environment.OperatingSystem.ServicePack=
[09:11:31.402] [  1] [INFO ]    Environment.OperatingSystem.ProductType=DomainController
[09:11:31.402] [  1] [INFO ]    Environment.OperatingSystem.Sku=7
[09:11:31.402] [  1] [INFO ]    Environment.OperatingSystem.Language=0409
[09:11:31.402] [  1] [INFO ]    Runtime.PerformConfiguration.Result=NotStarted
[09:11:31.402] [  1] [INFO ]    Environment.Computer.Make=hp
[09:11:31.402] [  1] [INFO ]    Environment.Computer.Model=proliant dl380e gen8
[09:11:31.402] [  1] [INFO ]    Environment.OperatingSystem.IsDomainJoined=True
[09:11:31.402] [  1] [INFO ]    Runtime.EncodedPageNavigationBytes=
[09:11:31.402] [  1] [INFO ]    Runtime.EncodedHelpLinkUsageBytes=
[09:11:31.404] [ 11] [INFO ] Starting Telemetry Send
[09:11:31.417] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[09:11:31.417] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[09:11:31.417] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[09:11:31.417] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[09:11:31.417] [  1] [INFO ] Default Proxy [Enabled]: True
[09:11:31.417] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[09:11:31.444] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[09:11:31.485] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[09:11:31.507] [  1] [INFO ] Found existing persisted state context.
[09:11:31.527] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[09:11:31.550] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
[09:11:31.550] [  1] [INFO ] Password Sync supported: 'True'
[09:11:31.572] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[09:11:31.651] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[09:11:31.660] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[09:11:31.665] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[09:11:31.667] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:31.676] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: verified product code {d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd}.
[09:11:31.676] [  1] [VERB ] Package=Microsoft Online Services Sign-in Assistant, Version=7.250.4556.0, ProductCode=d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd, UpgradeCode=03c97135-0e31-4334-9215-63827d4f07d4
[09:11:31.678] [  1] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[09:11:31.678] [  1] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals (version 7.250.4556.0) is installed.
[09:11:31.679] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[09:11:31.679] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:31.679] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: verified product code {43cc9c53-a217-4850-b5b2-8c347920e500}.
[09:11:31.679] [  1] [VERB ] Package=Windows Azure Active Directory Module for Windows PowerShell, Version=1.0.0, ProductCode=43cc9c53-a217-4850-b5b2-8c347920e500, UpgradeCode=bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c
[09:11:31.681] [  1] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell
[09:11:31.766] [  1] [INFO ] CheckInstallationState: Packaged version (1.1.380.0), Installed version (1.1.380.0).
[09:11:31.852] [  1] [INFO ] CheckInstallationState: AAD PowerShell is up to date (1.1.380.0 <= 1.1.380.0).
[09:11:31.853] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[09:11:31.853] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:31.853] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[09:11:31.853] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[09:11:31.853] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[09:11:31.853] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[09:11:31.853] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[09:11:31.854] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:31.854] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[09:11:31.854] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[09:11:31.854] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {e58152df-2d65-4650-9a19-949c11fdcd63}.
[09:11:31.854] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.380.0, ProductCode=e58152df-2d65-4650-9a19-949c11fdcd63, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[09:11:31.862] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[09:11:31.863] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[09:11:31.863] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[09:11:31.863] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:31.863] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {e58152df-2d65-4650-9a19-949c11fdcd63}.
[09:11:31.864] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[09:11:31.864] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[09:11:31.864] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.380.0, ProductCode=e58152df-2d65-4650-9a19-949c11fdcd63, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[09:11:31.867] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[09:11:31.960] [  1] [VERB ] Check product code installed: {4e67cad2-d71b-4f06-a7ae-bb49c566bb93}
[09:11:31.960] [  1] [INFO ] GetProductInfoProperty({4e67cad2-d71b-4f06-a7ae-bb49c566bb93}, VersionString): unknown product
[09:11:32.042] [  1] [INFO ] AzureADSyncEngineComponent: Product Azure AD Sync Engine (version 1.1.380.0) is installed.
[09:11:32.042] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[09:11:32.042] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:32.042] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[09:11:32.042] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[09:11:32.042] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[09:11:32.042] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[09:11:32.042] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:32.042] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[09:11:32.042] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[09:11:32.042] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
[09:11:32.042] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect agent
[09:11:32.042] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:32.042] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {a8b03820-e701-44d7-b65e-6ffbb866a861}: no registered products found.
[09:11:32.042] [  1] [INFO ] Determining installation action for Azure AD Connect agent (a8b03820-e701-44d7-b65e-6ffbb866a861)
[09:11:32.042] [  1] [INFO ] Product Azure AD Connect agent is not installed.
[09:11:32.042] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[09:11:32.042] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:32.042] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {9d573e71-1077-4c7e-b4db-4e22a5d2b48b}.
[09:11:32.042] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.0.2100.60, ProductCode=9d573e71-1077-4c7e-b4db-4e22a5d2b48b, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[09:11:32.042] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[09:11:32.042] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.0.2100.60) is installed.
[09:11:32.042] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[09:11:32.042] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:32.042] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {6c026a91-640f-4a23-8b68-05d589cc6f18}.
[09:11:32.042] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.1.3000.0, ProductCode=6c026a91-640f-4a23-8b68-05d589cc6f18, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[09:11:32.042] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[09:11:32.042] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.1.3000.0) is installed.
[09:11:32.043] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[09:11:32.043] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:32.043] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {9ae22681-c27c-402a-a136-15854dff693d}.
[09:11:32.043] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.3.6020.0, ProductCode=9ae22681-c27c-402a-a136-15854dff693d, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[09:11:32.043] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[09:11:32.043] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.3.6020.0) is installed.
[09:11:32.043] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Azure AD Connector
[09:11:32.043] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:32.043] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[09:11:32.043] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Azure AD Connector (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[09:11:32.043] [  1] [INFO ] Product Microsoft Azure AD Connect Azure AD Connector is not installed.
[09:11:32.044] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[09:11:32.134] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[09:11:32.134] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[09:11:32.134] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[09:11:32.134] [  1] [VERB ] Getting list of installed packages by upgrade code
[09:11:32.135] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {0c143e16-4155-4add-beb9-5286574ad8ca}.
[09:11:32.135] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.380.0, ProductCode=0c143e16-4155-4add-beb9-5286574ad8ca, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[09:11:32.135] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[09:11:32.135] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.380.0) is installed.
[09:11:32.135] [  1] [INFO ] DetectInstalledComponents stage: Sync engine is already installed and meets version requirement.
[09:11:32.135] [  1] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
[09:11:32.136] [  1] [INFO ] ServiceControllerProvider: verifying ADSync is in state (Running)
[09:11:32.136] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[09:11:32.450] [  1] [INFO ] Checking for DirSync conditions.
[09:11:32.450] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[09:11:32.452] [  1] [INFO ] Initial configuration is incomplete.
[09:14:50.026] [  1] [INFO ] Opened log file at path C:\Users\Administrator.LAUGAR-DC01\AppData\Local\AADConnect\trace-20170301-091130.log

Hi,

I have to create users in Azure AD. Also fill all the required attribute to the users. But I can not see all the attribute in Azure AD user portal. Example attribute "company". 

Thanks,

Hi Team,

We have Azure AD hosted on Azure and we want to test the security of our Aazure AD. The requirement is if at all any intruder enters 10 times wrong password & "10 successful Captcha & Wrong password combination" with azure AD user; The azure ad user account shall be lockedout. So if it is locked out what is the idle duration to auto unlock. And is there any way to unlock the account on demand through Azure Management portal or powershell? If it is doable through either of these; how we can unlock the account; I couldn't find any answers.

Your faster response is much appreciated in extending our business onto Azure. Thank You.

Regards,

Subhash

Regards, Subhash Konduru

Hello,

I have an issue where I'm trying to remove an orphaned user account in Office 365. The account still exists in Office 365 and shows up in the global address list, however it's been deleted on-prem and sync is working fine. So I've found articles saying to manually wipe it on Office 365 using the following command. However, I keep getting an Access Denied error every time. I'm using elevated powershell, I'm a global admin in office 365 and I don't think it's a UPN issue because I'm able to use the Get-MsolUser and find the account. Any other ideas? Thanks!

Remove-MsolUser -UserPrincipalName account_name

Remove-MsolUser : Access Denied. You do not have permissions to call this cmdlet.

A "Get-MsolUser -UserPrincipalName account_name" returns the user account just fine.

I have a case where Privilege Identity management is configured for the organisation.  Each new project is given its own sets of subscriptions and AAD groups and then then the privilege identity management is applied on top controlling owner/contributor/reader access.

At the moment this is all done via the GUI however this is a long process take around 45mins per project. There are no powershell modules for this however is there a programmatic way to apply the settings we want? It would save a lot of time.

What does the warning refer to?   Does it mean that "synchronize all users and devices" is for production deployment only? (see the 2nd link below).  And we should generally filter only for pilot deployment?   

Why should we filter?

For production, if we are to filter and we only want users and groups to be synch from on premise AD to Azure AD is there an option to synch  just the Users OU and security groups.   Should I select the OUs:  Builtinand Users.   see blue circles- step 6

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

dsk

Hi All,

I wonder if someone can help?

I have an AD Connect Server running Win Serv 2012 R2. I have had Azure AD Connect now running for the best part of 10 months. I came into work the other day and I found that the Password Sync has stopped.

I have gone and done a manual sync, deselected and reselected the PWD attribute, restarted the services and machine, but I still can't get passwords to sync.

Here is the error; Azure AD Connect - Password sync  Warning: no recent synchronization.

Can anyone assist? I am sure I am not the only one who's had this.

My Azure Ad Connect is : 1.1.281.0

As always, thanks very much,

I am debugging an issue with the SAML response from Azure AD. Besides the claims, I have everything set by default. 

The conditions of the SAML response seems logical, not before -5 minutes before the IssueInstant time, and not after an hour after the IssueInstant.

However, I have logged in previously to Azure AD, before the condition. So, in the same SAML response, I have the AuthInstant few hours before the condition. Note that, based on the cookie info on browser, I have a 90 days of the login session validity. So, my SP failed my login due to the the issue instant not in acceptable window.

I have 2 questions here.

1. How do I modify the condition setting, so that the condition would be not before 90 days of the IssueInstant time?

2. Is it recommended to change the condition that what I am trying to do in #1?

Please help. Thanks!

Hi,

I working on Mobile Application , in my project I am using Azure AD authentication for login process.

My future implementation is to Add user Acceptance in Terms of use during login.

I have gone through the link : https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use  and started implementing this in my mobile app. 

I have few queries to be clarified

1. Can we update/re-upload the PDF in Existing Terms of use?
2. If yes!. Then how to re-upload the PDF , If No! what is the alternative approach for this

hi

we are building an POC app to showcase the Azure capabilities to clients

need help in designing the Security 

we have 2 web applications

 1) FrontEndWebApp (Asp.net MVC)

 2) BackendRestService (web API)

we are planning to host these apps to Azure App Service platform.

we need  security configuration is similer like this.

  FrontEndWebApp (Asp.net MVC)--Should run one service account (managed Service Identity name FrontEndSPIdentity)

  BackendRestService Should be given permission to the FrontEndSPIdentity to call all services defined BackendRestService .

  Along with that BackendRestService should  have defined MSI name(BackedSPIdentity)

  BackedSPIdentity--Should have read access to AzureStorage,AzurekeyValut.

Please let me know to solve this.