Latest Discussions
Limitations on Modifying Enterprise Applications in Azure AD
Hi All, I'm curious about the limitations on modifying Enterprise Applications in Azure AD. Specifically, are there any restrictions on how frequently we can make changes to attributes, ACS, or reply URLs? I understand that modifying these settings can impact user access, but I'm concerned about potential rate limits or other restrictions that might prevent frequent updates. Any insights or best practices for managing these changes would be greatly appreciated.
Post Script: We don't have a dedicated QA environment, so understanding these limitations will help us plan our changes carefully.
16 Views | 0 likes | 0 Comments

Issue: Invitations from SharePoint and Teams Redirect to Incorrect Page
I hope you're doing well! I’m reaching out to seek some guidance regarding an issue we’ve encountered with guest invitations in SharePoint and Teams. When we send invitations to guests from SharePoint and Teams, they are redirected to the Entra ID "My Applications" page instead of directly to SharePoint or Teams. We do not want guests to be redirected to the "My Applications" page in the directory but rather directly to the respective service/application. Is this a configuration setting, and if so, where can this be adjusted? I have been unable to locate such a setting in Entra ID. Another notable issue is that invitations take 1 to 2 hours to reach the invited guest. Thank you in advance for your assistance.
stade1655 | Dec 19, 2024 | Copper Contributor | 7 Views | 0 likes | 0 Comments

Can we enroll MFA to the users through POSTMAN
Hi Team, I am learning about MS Entra and planning to replace OneLogin with SSO. I can find all the API details of user enrollment in OneLogin, but I am struggling to get all the details to manage MFA enrollment for MS EntraID. I appreciate your valuable and kind support on this.
biswajitprasanoram | Dec 18, 2024 | Copper Contributor | 8 Views | 0 likes | 0 Comments

Microsoft Entra Hybrid Join Issue Despite Setting Up All Essentials
I’m facing an issue where my client computer is unable to join Hybrid Azure AD, even though I’ve already set up all the essential steps. I downloaded the Microsoft Entra Connect Sync tool from the official site and did all the necessary steps, including configuring the SCP (Service Connection Point). Our main server is in New York, and our branch office is in the Asia region. I want to have Microsoft Entra Hybrid Joined to all of my office PCs in order to apply some conditional access policies. Despite these setups, the device fails at the discovery phase, and I can’t figure out what’s missing. This is what it says when I try to manually add the client PC:
TenantInfo::Discover: Failed reading registration data from AD. Defaulting to autojoin disabled 0x800706ba
DsrCmdJoinHelper::Join: TenantInfo::Discover failed with error code 0x801c001d.
Has anyone encountered a similar issue? Any guidance or troubleshooting tips would be greatly appreciated. Thanks!
17 Views | 0 likes | 0 Comments

Account Linking Alexa with Entra ID
I am trying to use Entra ID as idp for Alexa Account Linking and run into issues with the token refresh. The original Account Link works fine, but after an hour or so (when the refresh is happening probably) the account link breaks. Amazon is no help, they just state that "possibly" the refresh fails. But I find no logs on any side. Any ideas what I could do to narrow it down or solve this?
WKB | Dec 13, 2024 | Copper Contributor | 8 Views | 0 likes | 0 Comments

Microsoft Entra Hybrid Join Issue Despite Setting Up All Essentials
I’m facing an issue where my client computer is unable to join Hybrid Azure AD, even though I’ve already set up all the essential steps. I downloaded the Microsoft Entra Connect Sync tool from the official site and did all the necessary steps, including configuring the SCP (Service Connection Point). Our main server is in New York, and our branch office is in the Asia region. I want to have Microsoft Entra Hybrid Joined to all of my office PCs in order to apply some conditional access policies. Despite these setups, the device fails at the discovery phase, and I can’t figure out what’s missing. This is what it says when I try to manually add the client PC:
TenantInfo::Discover: Failed reading registration data from AD. Defaulting to autojoin disabled 0x800706ba
DsrCmdJoinHelper::Join: TenantInfo::Discover failed with error code 0x801c001d.
Has anyone encountered a similar issue? Any guidance or troubleshooting tips would be greatly appreciated. Thanks!
amrit | Dec 13, 2024 | Copper Contributor | 26 Views | 0 likes | 1 Comment

keep ui_locales param in custom policy sign in flow
Hi, I'm having some trouble with the language customization of our AD B2C based authentication pages. In my country (Greece), even though the local language is Greek, it's very common to use English as the default language for web tools and specifically browsers. In our business we do want to show English translations but only when the user needs it. There is a language switch added in a custom HTML template that changes the ui_locals param and refreshes the page. We have added LocalizedStrings to our custom policies and initially force the ui_locals=el param in order to override the default browser language and set it to Greek. This works fine in the first screen where users are asked to add their email address, but as long as they proceed to the next step, the ui_locals param is lost and the password screen is shown with strings in English. Is there a way to tell a custom policy to respect the ui_locals param when moving from one screen to another?
Proko | Dec 11, 2024 | Copper Contributor | 19 Views | 0 likes | 0 Comments

API-driven provisioning field mapping changes resynchronize all users and groups
We have configured API-driven provisioning for on-premises Active Directory, along with Azure AD Connect, to synchronize on-premises AD users with Azure Entra ID. As part of the provisioning setup, we have used a separate Organizational Unit (OU) in on-premises AD (designated as the default OU for new users) while configuring API-driven provisioning. We are attempting to make some changes to the API field mapping, specifically the ‘UserPrincipalName’ regular expression (custom domain) and the ‘manager’ field, and saving the configuration. Upon attempting to save, a prompt appears (as highlighted in the screenshot below), indicating that this action will resynchronize all users and groups. Could you please clarify: Will this resynchronization update any existing users outside the default provisioning Organizational Unit (OU)? Specifically, what does the resynchronization operation update? For instance, will it modify the 'UserPrincipalName' and 'manager' attributes for all users, including old users outside of the provisioning Organizational Unit (OU)?
Screen Shot - While Saving Mapping.
LJohn | Dec 10, 2024 | Copper Contributor | 25 Views | 0 likes | 0 Comments

Enable MFA method
Dear, Currently in our company, the authentication methods policy > Microsoft Authenticator defaults to “any”. Either “passwordless” or “Push”. It is possible to enable the following authentication method through a conditional access policy, currently it is enabled for some users. Desired authentication method: The current method is as follows: Can it be enabled for professional accounts or is it only focused on personal accounts? Thanks in advance.
ErikCoronel33 | Dec 06, 2024 | Copper Contributor | 23 Views | 0 likes | 0 Comments

[Global Secure Access] Private DNS Cache TTL
Dear all, We are currently in the process of testing the global secure access solution. During Ignite, I attended a session where John Savill discussed the service and its architecture. He mentioned a caching mechanism within the Private DNS feature of the SSE solution. I am curious about the frequency at which this cache is refreshed or updated, as I have not found details regarding the cache lifetime in the documentation. This may be due to its public preview status. If any of you have insights on this matter, your response would be much appreciated. Kind regards, Pascal
Pascal_Peters | Dec 06, 2024 | Copper Contributor | 30 Views | 0 likes | 1 Comment