All Questions
Tagged with azure azure-active-directory
261
questions
1
vote
2
answers
113
views
Azure AD/Entra-ID, syncing single domain on-prem environment, to single Azure tenant with multiple exchange mailbox domains
We currently have our Azure tenant, with the verified domain "superiorproducts.com".
We also have our on-prem traditional AD domain, which is "supprod.local", with 4 domain ...
- 230
0
votes
1
answer
43
views
Azure CLI `AZ LOGIN` ERROR: "Found multiple accounts with the same username"
I'm getting this error whenever I try to login to Azure via the CLI. Here are the details:
PS C:\Users\MyName> az login
Please select the account you want to log in with
(Now I get a popup ...
- 268
0
votes
0
answers
96
views
Azure AD - Intune device mismatch, not joined properly
I have something of a mess on my hands. When these devices were joined, or "registered" with Azure AD, they had already been through OOBE and had local accounts created on them. I realize ...
- 230
0
votes
0
answers
18
views
Is `id_token_signing_alg_values_supported` administrated by Microsoft or the tenant's administrators?
I have created a custom OIDC authorizer for a AWS API Gateway (REST). It currently support tokens signed using the RS256 algorithm, and will otherwise fail.
The .well-known OIDC endpoint lists the ...
- 419
0
votes
0
answers
26
views
Why am I not able to revoke GraphAPI Permissions in Graph Explorer Sandbox?
When I go to https://developer.microsoft.com/en-us/graph/graph-explorer and log in with my Azure account, I cannot revoke access to mail.send:
And am presented with this message:
"You require ...
- 97
0
votes
0
answers
39
views
In an Azure Web App how can I bypass authentication for internal API endpoint calls?
I have an Asp.Net Core application running in an Azure Web App and I need it to be able to call itself.
Part of a long-running process in the app needs to be able to open a connection to https://my-...
- 235
0
votes
0
answers
95
views
Adding multiple tenants with Microsoft Partner Center
I am working to get two Azure tenants associated through the partner center. The two global admin accounts being used by the administrator do not have the same email address, but are both set to ...
0
votes
0
answers
50
views
Is the Global Administrator role required to manage Enterprise State Roaming in Azure AD?
As a new system admin, I was provided with access to some standard role assignments from the 365 admin center, which include the following:
Authentication Policy Administrator
Exchange Administrator
...
- 1
0
votes
1
answer
36
views
Hybrid AD Joined and Autopilot
I've been working on setting up our Autopilot onboarding with our Hybrid AD. I have managed to join a device to the domain successfully, but I have noticed some differences against when we do this ...
- 21
0
votes
0
answers
60
views
Which service principal role will provide the minimum permissions necessary to automate installation of a website certificate?
I wish to grant a third-party application API access to my Azure tenant for purposes of installing a TLS certificate on a certain website ("App Service," in Azure terminology).
However, ...
- 755
0
votes
0
answers
415
views
Rdweb and Azure application proxy SSO
So for one of our customers we have moved one of their legacy application (non-web app) to azure and made it available through an RDgateway and azure application proxy. As descibed here: microsoft ...
0
votes
0
answers
72
views
Cannot delete Azure Active Directory Tenant
I'm attempting to delete an unused Azure Active Directory Tenant.
All initial checks have passed:
However, when I click "Delete", I get a popup saying "Unable to delete tenant. Known ...
- 185
0
votes
1
answer
34
views
Azure B2C - Custom policies - Replacing Let's Encrypt certificate for a Comodo/Sectigo certificate not allowed
I have an Azure B2C tenant which uses custom policies to connect to our own API.
The policy is currently provisioned with a *.something.dev certificate and expires every 3 months.
The plan is to ...
- 147
0
votes
0
answers
139
views
Azure AD Credentials With On Premise VM and SSAS Tabular Cube
I have a Azure VM that I've joined to my Azure AD, works great. I've installed (Development Edition SQL Server 2022) SSAS Tabular on this server using the local admin account and would like to use ...
- 215
0
votes
1
answer
150
views
Azure AD B2C on backend or front end?
I have a service oriented application where the fornt end is a NextJs application and the backend is a .net core API project.
I want to use Azure AD B2C to provide Authentication.
Should I configure ...
- 1
0
votes
0
answers
19
views
Gsuit user to auto sync with adazure so we can adazuredevops can do SSO
Current Scenario
1 - Gsuit basic users
2 - ADAzure free account(Not have any P1 or P2 license)
3 - Azuredevops on cloud
We need to do SSO for Azuredevops on cloud from gsuit all user or selected ...
0
votes
0
answers
84
views
Nginx proxy forward to Azure Analysis Service
Problem:
From on-premises computers I need to be able to login to Azure Analysis Service.
Since AAS is publically available my split-tunnel VPN configured in on-prem computer forwards the request to ...
- 101
1
vote
0
answers
439
views
Transfer Azure subscription transfer from one tenant to another tenant
I am working on a discovery phase for my client, who is looking to migrate subscriptions from one AD tenant to another.
Basically, I would like to know what all resource types are truly impacted and ...
- 111
3
votes
0
answers
1k
views
Change Windows from KMS client to Azure AD activation?
Is there a known way to change existing Windows 10/11 devices from KMS client activation to Azure AD Education A3 / A5 or Enterprise E3 / E5 license activation?
Apparently when Windows 10/11 devices ...
- 755
0
votes
0
answers
146
views
Custom VHD with Azure Marketplace Baseline Will Not Join Azure AD Domain
My goal is to upload a customized VHD into our cloud-only USGov environment and turn it into an Azure AD-joined template. My challenge is the option Login with Azure AD is disabled.
The image is a ...
- 1
0
votes
1
answer
901
views
Is it possible to fully undelete an Azure AD hybrid user account? If so, how?
Whereas this article says a deleted AD user only needs to be restored from the recycle bin for its Azure AD object to aslo be restored. For us, when an AD user object is undeleted, Azure AD Connect ...
- 1,660
1
vote
0
answers
168
views
Set default settings for all roles in Azure PIM
We've just started the process of making roles eligible for assignment in Azure PIM. We have a large collection of resources, each with roles that we want to individually make a user eligible to ...
-1
votes
1
answer
385
views
Azure AD B2C use case - SSO between 2 applications
I have 2 applications .
Application 1 : A .NET backend / Angular frontend app with AD B2C for authentication. (This application is already developed and working.)
Application 2 : A similar stack ...
0
votes
1
answer
22
views
Access Control to Azure Hosted App Service
We host an App Service in our tenant (xyz.onmicrosoft.com), and I am using Azure Identity services for authentication. I want to grant access to the application to users in another Azure tenant (...
- 513
0
votes
2
answers
375
views
Azure AD Change UPN
I have an account ([email protected]) in an Azure Active Directory (non-Hybrid). I want to change the UPN name "admin." to "firstname.lastname".
The field is editable in ...
- 513
0
votes
1
answer
544
views
Azure log analytics API read
I'm trying to get read access to Azure Log Analytics from my app and did the following steps:
Registered App under the “App registrations” in AD portal
Added platform: Web; redirect URI: http://...
0
votes
1
answer
388
views
Azure Conditional Access - Exclude MFA for Specific Resource
Is there a way to exclude a conditional access policy from MFA when accessing a specific resource?
In this case it is when accessing a SQL managed instance. Everything else has to apply MFA.
- 595
1
vote
1
answer
391
views
Best way to convert azure logs date time into an excel date time
Hello when I export Azure logs to csv I get this datetime format that excel doesn't recognize as a valid date time format:
2022-10-19T12:05:58Z
Is this the best way to convert this to an excel ...
- 113
2
votes
1
answer
258
views
Conditional Access Policy - Service Account Location and App control
I'm looking to allow certain service accounts that can't use MFA to our office public IP range (which is working fine) and not trying to add in only allowing it to access Power BI.
I've got my first ...
- 77
0
votes
1
answer
1k
views
AD Connect Synchronisation Update existing users instead of creating new ones
I'm currently setting up AD Connect to sync my users from AD to AzureAD and vice versa.
Maybe I did not understand the whole thing correctly. In my mind, what AD Conncet Synchronisation does is the ...
- 171
0
votes
1
answer
28
views
O365 Subscription per security group collaboration
i need some clarification about subscription concept on Azure Active Directory. If an organisation is using multiple O365 subscriptions ( one subscription per security group) ( The security group is ...
- 27
1
vote
1
answer
534
views
AD DS forward to Azure Private DNS Zone
Hi does anyone know how to forward traffic to a Azure private zone dns from a custom ad DS.
We can’t use the new dns forwarder solution as it’s still in preview :(
If we add a forwarder for 168.63.129....
- 353
0
votes
1
answer
2k
views
Get Alert when a new user is added in O365 Admin
I have been searching but cannot find a way to set an alert for when a user is added to O365 Admin. Earlier there was an alert policy which allowed choosing User Administrator's actions. However now ...
- 115
0
votes
1
answer
2k
views
Tease out extensionAttribute5 with get-mguser
Trying to force myself to start using graph thru powershell since it looks like the AzureAD powershell commandlets are going the way of the dodo at some point. Wondering if there is a way to use get-...
- 11
0
votes
0
answers
153
views
Error - Failed To Access Active Directory Failed to access Active Directory while creating resourse Azure Information Protection
I'am trying to give the hability to my users to be able to sync their Microsoft Edge features (such like bookmarks, passwords,...), over their Azure AD accounts, but I am unable to setup Azure ...
- 412
0
votes
2
answers
235
views
Only federate some users in AzureAD and not a whole domain
We want to test a new IDP in our organization ( this IDP is an inhouse SAML-compatible idp ). We are using AzureAD.
If we federate a new domain, we can test the authentication, and it works ( xxx@...
- 99
0
votes
1
answer
2k
views
Create a Mail-enabled security groups with Azure AD role assignment?
I would like to create a Security Group within my firm's 365 Tenant with a group email address and role assignment of "Billing administrator" - i.e. Can perform common billing related tasks ...
1
vote
2
answers
223
views
How can I specify an Azure tenant name?
How can I specify an Azure tenant name? I mean {something}.onmicrosoft.com name.
I have tried to register a new Azure tenant a few times and each time I created a new Microsoft account and then a new ...
- 337
0
votes
0
answers
296
views
Unable to access specific rest apis due to azure error
My application using spring rest and deployed in Azure server. Created rest apis using spring rest.
Am able to access all rest urls, except in one scenario.
for eg: http://mydomain123.com/api/abc , ...
- 1
0
votes
0
answers
2k
views
Wrong 'executing account name' on Azure AD joined machines (Windows 11, Autopilot)
Currently we have 'Azure AD Domain Services' activated in our tenant, which is a managed AD through Azure. Data is being synchronised between Azure and the managed AD. We're preparing to migrate away ...
-1
votes
1
answer
97
views
Is it possible for CodeTwo to choose a server-side signature based on the mail's language?
I wasn't sure if this was the correct place for this question but here goes.
I want CodeTwo (With Azure) to fetch a certain signature based on the mail's language content.
Is this possible? Or am I ...
1
vote
1
answer
374
views
What is the default RBAC scope used when assigning a role in Azure with the CLI?
This is the documentation for the az role assignment create command: https://docs.microsoft.com/en-us/cli/azure/role/assignment?view=azure-cli-latest#az-role-assignment-create
--score is an optional ...
- 129
0
votes
1
answer
96
views
Azure Cloud Zero Trust Access (App Registration?)
Working with the Azure Cloud:
I am looking into a solution where I can have users authenticate via Azure AD so they can access an app hosted on a virtual machine. This is something very similar to ...
-1
votes
1
answer
77
views
How do companies make sure resources created by an employee are not deleted when he is fired in Azure?
Correct me if I am wrong, but my understanding is that when an Azure account is deleted, all associated resources are also gone. This makes sense because else I would keep being charged for using ...
- 129
0
votes
2
answers
533
views
Changing Azure User Access Administrator?
The root User Access Administrator that is inherited by all our subscriptions is assigned to an account of an ex-employee. We're keeping that account alive so that we can continue to make changes as ...
- 2,196
1
vote
0
answers
396
views
Azure storage file share with AD and MacOS
My actual simple infrastructure is composed by a VNET with inside these machines:
Windows Server 2019 that acts as AD controller and DNS server, sync with Azure AD.
Windows Server 2019 stand alone, ...
- 111
0
votes
0
answers
81
views
Azure file sharing and AD how to
I work for a small company, 5 users with Office365 standard license + email with custom domain.
We have an Azure account with a couple on VM for some legacy software.
We would like to set up a file ...
- 111
0
votes
1
answer
671
views
LDAP bind to Azure Domain Services
I'm testing Azure AD and Azure AD DS and I have some issues to bind to Azure DS using LDAP.
I used the default AD tenant in my subscription, so i get a domain foo.onmicrosoft.com. Then I create a ADDS ...
-2
votes
2
answers
499
views
How to restrict users from uploading files from Azure Virtual Desktop(AVD) to personal or public sites?
How to restrict users from uploading files from Azure Virtual Desktop(AVD) to personal or public sites like gmail, google drive, personal onedrive, personal office365 account, dropbox, box, github, ...
0
votes
2
answers
76
views
Azure File Share mount with AAD Credentials
How can I log in to an Azure File Share (Azure Storage account with file sharing) with Azure AD credentials?
I would not like to deploy an Azure Domain Service.
Regards
Stefan
- 117