Azure | Microsoft Community Hub

Forum Widgets

Latest Discussions

MFA without a Cellphone
This is becoming a bigger issue more and more. We cannot, as a company, require our Employees to use a personal cellphone to get text codes or install work apps to authenticate our work accounts. We supply these users with a Business Voice license so they can make business calls and accept business calls. All of our employees have corporately paid laptops running Windows 10 and all have SharePoint, Email, OneDrive, Teams etc. Microsoft does not offer the authenticator app on Windows 10 so we can't use that method. So what do we do? Leave all these accounts vulnerable? I've read about using "landlines" for authentication then Microsoft says that's not secure but then provides no guidance on exactly how we're supposed to do this. We cannot be expected to pay for a cellphone for all these users just to use one app. That's ridiculous.
luvsql
Iron Contributor
Mar 09, 2021
azure
292KViews
6likes
102Comments
Welcome to the Blockchain AMA!
We are very excited to kick of this hour of live Q&A with the Blockchain product team! Please submit your questions as a new thread in the Blockchain Group so we can easily identify and answer them. You can identify official Microsoft responders by the blue circle around their profile avatar. If this is your first AMA, review the AMA Guide. After the event, we will make a summary of the AMA and share it in the community. To get started, please introduce yourself below along with where you are joining us from! The Blockchain team is busy here taking your questions!
Lana O'Brien
Silver Contributor
Mar 15, 2017
blockchain
30KViews
5likes
40Comments
Unable to add IT Pro Cloud Essentials
Hello All, I started Azure with the free trial and once its expired added a pay as you go subscription. When I try to add IT Pro Cloud Essential or Visual Studio Dev subscriptions it does not allow me to add and displays the following error. We cannot proceed with signup due to an issue with your account. Please contact support Opened up a support ticket and Azure support is saying this is due to the expired Trial account. I found no way to remove the trial. Is there any way for me to add the above-mentioned subscriptions? Thanks in advance, -Dhanushka
Dhanushka Vithanage
Brass Contributor
Mar 12, 2017
azure
10KViews
3likes
27Comments
Disable "Windows Hello"
I am an admin, and attempting to disable "Windows Hello for Business" also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However Whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a pin. Where can I find the option that allows me to disable this?
Joshua Dolecal
Copper Contributor
Jan 09, 2018
Azure AD
Intune
Windows Hello
335KViews
1like
27Comments
Multifactor Authentication MFA and Virtual Machines VM
We are a small development company using Office365. For a new project we now want to use some Windows VMs in the cloud. Because Azure integrates nicely with Office365 it seems to make sense to create these VMs on Azure. The plan is that the existing Office365 logins stored in Azure AD can also be used to grant access to the VMs Windows OS (as managing separate credentials for each VM is a PITA). We created the VMs and assigned access rights - there are specific roles for this (login as user, login as administrator) which is exactly what we need. We tried to login and - bummer. Login doesn't work. After some searching we found out that the reason seems to be that we have MFA turned on and this is not supported by the Windows OS. So we figured we need to change access configuration e.g. by using Bastion instead of plain RDP for remote access but - bummer. Bastion also doesn't support MFA. After looking around for a while we came to the conclusion that currently there seems to be no way to get this done (at least with an acceptable amount of work/money for a small company like us). The official MS suggestion is to turn off MFA for RDP by using Azure AD conditional access. This is acceptable because we are securing remote access by source IP so MFA for RDP is overkill anyway. So we opened up the Azure AD configuration page and - bummer. Azure AD conditional access is only available when using Azure AD Premium which increases costs by about 5-10$ per user per month. That's inacceptable only to turn off functionality! Therefore we decided to disable enforcing company-wide MFA so those users who need RDP to the VMs could remove their MFA and successfully login. This indeed works but - bummer. Everytime a MS website is opened (e.g. the Azure Portal) there is a message saying the user needs to configure MFA. After a click on the "Next" button the setup screen opens where the user can select "Skip setup" and login without MFA. How stupid is that - but so far we found no way to get rid of this. Sure, we could manage separate credentials for each VM - but that's what we want to prevent and something that we could also do with all other cloud providers so why use Azure? We are currently unsure if we should just delete all Azure resources and move our VMs to another cloud provider. So we'd like to ask if there is something that we missed: Is there a (feasible) way to get RDP login to Azure VMs to work when using Azure AD credentials with MFA? Is there a way to turn off MFA for RDP only without additional costs? Is there a way to get rid of the stupid MFA setup screens when turning company-wide MFA off? Is there any other approach or solution to our (quite simple and common) requirements?
Solved
SandroRudin
Copper Contributor
May 10, 2022
32KViews
0likes
24Comments
Backing up Azure file storage to Azure Backup
Hi Team, We are already using Azure file Storage. This is to copy files directly to Azure Storage (file shares). A virtual drive has been mapped for this storage. Since Azure File Storage does not support Recovery/Restore Points (i.e. restore a file one week old) or Point in Time copies, we need to use Azure Backup which has these Point in Time/Recovery Points capabilities which will allows us to restore files like 2 days old in case a file has been delete or overwritten. Per our research, Azure File Storage backed up directly to Azure Backup is not possible (yet). Backup of Azure Storage is only possible on BLOB Storage but not Azure File Storage. See links below. https://docs.microsoft.com/en-us/azure/backup/backup-introduction-to-azure-backup https://github.com/levibotelho/azure-blob-backup https://docs.microsoft.com/en-us/azure/backup/backup-try-azure-backup-in-10-mins Is there any possibiltity to achieve this with current capabilities or if not, has this been taken in to the timelines for future deliveries ? any feedback is really appreciated ! Thank You Manoj Karunarathne manojviduranga@hotmail.com
Solved
manojviduranga
MCT
Jun 02, 2017
Backup
Data & Storage
16KViews
2likes
23Comments
Azure Cloud Shell error
I am getting this error messagem when connecting to the bash: "Warning: Failed to mount the Azure file share. Your cloud drive won't be available. Your Cloud Shell session will be ephemeral so no files or system changes will persist beyond your current session." Anyone with the same problem?
Solved
Miguel Lobato
Iron Contributor
May 17, 2017
azure
70KViews
3likes
23Comments
Microsoft Azure Datathon Africa League AMA
Hello and Congratulations to all participants for taking on the Microsoft Azure Datathon - Africa League . 🚀🚀🚀 We’re happy to announce 270 individual winners . Please complete this form to redeem your prize, allow maximum 3-days for electronic delivery. Have a question? use this thread to ask us questions related to the League.
Solved
LeboMadise
Microsoft
May 06, 2022
4.8KViews
0likes
23Comments
Understanding Azure Account, Subscription and Directory.
For the last couple of days, I am trying to understand the relationship between Azure account, Subscription, and Directory and Resource Groups. Is there any comprehensive guide that can help me to understand how Azure Account, Subscription and Directory works? Thank you in advance.
alwaysLearner
Iron Contributor
Dec 09, 2016
azure
688KViews
7likes
22Comments
Azure Automation connecting to Exchange with MFA enforced
I have a tenant with MFA a requirement for any account with elevated privileges. I can use Azure Automation PowerShell runbook for Azure AD using the service principal and certificate e.g. # Get Azure Run As Connection Name $connectionName = "AzureRunAsConnection" # Get the Service Principal connection details for the Connection name $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName # Logging in to Azure AD with Service Principal "Logging in to Azure AD..." Connect-AzureAD -TenantId $servicePrincipalConnection.TenantId ` -ApplicationId $servicePrincipalConnection.ApplicationId ` -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint I cannot however seem to work out a way to connect to Exchange when MFA is enforced: To demonstrate, I configure the automation account credentials to use a global admin account and then try: Connect-ExchangeOnlineShell -Credential $Credential I get an error 'you must use multi-factor authentication to access' It appears there isn't an equivalent certificate based login for Exchange as in place for Azure AD so my only option is to use credentials for an account which doesn't have MFA, which from security is going to problematic. Does anyone therefore know how to connect to EOL when MFA is enforced? Note: Connect-ExchangeOnlineShell is a wrapper for Import-PSSession $Session method to connect to Exchange online which I have also investigated.
Solved
Chris Johnston
Brass Contributor
May 08, 2019
azure
26KViews
1like
19Comments

Resources

Tags

azure2,320 Topics
azure devops1,393 Topics
Data & Storage379 Topics
networking241 Topics
Azure Friday224 Topics
App Services205 Topics
devops173 Topics
blockchain168 Topics
Security & Compliance155 Topics
analytics137 Topics