Recent Discussions
Force user to reset password in hybrid
Hi, we work in a hybrid environment at the moment, and it has been discovered that if you are using classic AD and reset a user's password and leave the tick-box saying user must change password at next logon, the password reset works! But, if you were to select the tick-box with the intention to make the user change their password, the password does not get reset and the user never gets asked to reset their password? Also, if you try and reset the user's password on AAD, you get the following error message: Because we cannot force the user to reset their password by AD or AAD, we have to tell the user to do it themselves by the classic Ctrl-Alt-Del method or set their personal password for them over the phone. So, what my question is, is why can I not force the user to change their password from either AD or AAD?
Microsoft Entra Connect connecting always to old DC
We are planning on demoting old DC server. When doing checkups I noticed that Entra Connect keeps connecting to this specific DC we'ew planning to demote everytime it connect to Active Directory. So now I'm wondering does this need any additional configuration to keep sync working after DC Demote. I found out that there is option to "Only use preferred domain controllers" but I'm not sure if that's what I want do do. There were the red line is is the old DC to be demoted. "Only use preferred domain controllers" setting. If I enable this setting I got this kind of notice. I don't feel like this is the right way to do it so I canceled at this point.
Invite external user - error 'Primary SMTP address is an invalid value'
I'm using Entra Id to invite external users to my domain. Their email is of form: mailto:email address removed for privacy reasons Sending the invite generates the error: There is no error if I send an invitation to the same domain without the '+' sign, so I assume this is causing an issue with Entra Id. Is there a workaround for this?Restrict access to Microsoft Entra admin center
Hi, I know that setting this to Yes isn't considered a Security measure by Microsoft, but I really think that they need to rethink this and give a better warning Entra>Users>User Settings>Restrict access to Microsoft Entra admin center If this is left to, No, which is the default, then any user (Admin or Standard User) is able to access Entra, and for certain things this may be required, but it leaves a huge door open as well for the egress of data. For example, a Standard user can access Entra, select Users and or Devices from the left hand side and export a .csv file with all devices listed and or all Users in the estate listed with a lot of other information in this as well that is included in the exported file. Is there another way to allow users access to the portal to manage Groups or Apps that they are an Owner on (which is one of the reasons that I see for allowing any user to access the portal) but also to dramatically reduce the risk to the business for users also being able to see a lot of other information in Entra that we would not wish users to be able to see or indeed interact with, such as downloading a file of all Devices and Users in the estate.
Recent Blogs
- 2 MIN READWe’re strengthening how Microsoft Entra Conditional Access is enforced for a narrow set of authentication flows to improve your security posture.Jan 28, 2026
- A new four‑part webinar series that helps you turn the 2026 identity strategy into actionable steps—with demos, templates, and guidance from Microsoft Entra.Jan 20, 2026
