Latest Discussions
Unable to verify phone on MS 365 or Azure
Hey I am trying to signup for credits I receive, but I keep getting this message "Oops, we're unable to verify your phone number" while I do so. I've tried a different mobile number, I've tried contact support apparently the support contact number provided for business aren't valid. kudos. with that being said, I'd like to setup ms 365, if not then probably need to switch a provider fast coz I cancelled zoho and now I am stuck with this.
iamarpit, Feb 16, 2025, Copper Contributor, 28 Views, 0 likes, 1 Comment

Trying to create a dynamic group of users
Good afternoon. I am trying to create a dynamic group in Entra ID of users who have the Microsoft Office Business Premium license. I have tried in the Groups area of Entra ID using the rule creation interface (assignedPlans.serviceID) and in PowerShell using commands in the Microsoft Graph library. Nothing works, I get errors saying properties aren't supported or I get way too many results for a single user and single sku. Has anyone successfully done this? I have the SKU and the SKU ID. Thanks
DavidEII, Feb 14, 2025, Copper Contributor, 38 Views, 0 likes, 2 Comments

What is your SOP for old risky users?
Recently have been tasked with leveraging Entra ID to its full potential. We've a suite of different tools we use for alerting, so the Risky Users component was essentially ignored for a couple years, and there's a buildup of alerts for sign-in attempts I can't even pull logs for. These users would've been required to change their password since the date on most of these, and we have some hybrid environments I plan on enabling self-clearing for. But wondering what other MSPs have done in this scenario?
underQualifried, Feb 14, 2025, Copper Contributor, 7 Views, 0 likes, 0 Comments

"sign-in frequency" every time not working as expected and described.
We have several PIM managed groups in an Entra ID tenant. Members are added as eligible. For the activation of the memberships an Authentication Context is created which is linked to a conditional access policy. The conditional access policy requires MFA with phishing resistant authentication factors, and "sign in frequency" is set to "every time". When activating membership authentication is required. When activating membership to another group (>5min in between activations) one would expect to request an authentication prompt, as described in Microsoft documentation. In Firefox this works as expected, in Edge and Chrome there is no re-authentication required every time, and sometimes even not for the first activation, not even in an in-private session. The device is not joined to this tenant, and the account used to log on is different from the one used to logon to the Entra ID portal. This is a test tenant with only those CA rules configured, no other policies or rules are in place. Anyone experiencing the same, or knowing the cause?
146 Views, 1 like, 2 Comments

Azure AAD joined only Access on prem resource
Hi, I have the following situation: I have an Azure AVD host that is joined to Azure AD only. From dsregcmd /status I have the following.

Device State:

    +----------------------------------------------------------------------+
    | Device State                                                         |
    +----------------------------------------------------------------------+
    AzureAdJoined : YES
    EnterpriseJoined : NO
    DomainJoined : NO
    Virtual Desktop : NOT SET
    Device Name : COMPUTERNAME
    +----------------------------------------------------------------------+
    | SSO State                                                            |
    +----------------------------------------------------------------------+
    AzureAdPrt : YES
    AzureAdPrtUpdateTime : 2025-02-13 12:57:47.000 UTC
    AzureAdPrtExpiryTime : 2025-02-27 14:22:41.000 UTC
    +----------------------------------------------------------------------+
    | Diagnostic Data                                                      |
    +----------------------------------------------------------------------+
    AadRecoveryEnabled : NO
    Executing Account Name : DOMAINNAME\samaccount, FQDN
    +----------------------------------------------------------------------+
    | Ngc Prerequisite Check                                               |
    +----------------------------------------------------------------------+
    IsDeviceJoined : YES
    IsUserAzureAD : YES
    PolicyEnabled : YES
    PostLogonEnabled : YES
    DeviceEligible : NO
    SessionIsNotRemote : NO
    CertEnrollment : none
    PreReqResult : WillNotProvision

However, when I connect to the on prem resource I get an authentication prompt. When I type in my username and password I can access the share. I do not get a Kerberos ticket back. Klist remains empty (cached tickets 0). It's not clear to me if it is required to have the cloud Kerberos trust enabled if you don't use Windows Hello for Business or passwordless authentication.

Passwordless security key sign-in to on-premises resources - Microsoft Entra ID | Microsoft Learn
Azure AD Kerberos - Mr T-Bone´s Blog

Do I need the Kerberos object in AD even if I don't use keyless or Hello for Business?
Anybody that can help on this?
FGomezD, Feb 13, 2025, Copper Contributor, 6 Views, 0 likes, 0 Comments

Entra Private Access Licensing
I'm a bit stuck trying to figure out what licensing we need to get us working on BYOD devices such as iPads if we want to use the Private Access part of Global Secure Access. A few places on Microsoft's website mention that as long as we have an Entra ID P1 or P2 license and a Private Access license assigned to a user, we should be able to enrol mobile devices without any issues. However, when I try to sign into MS Defender on an iPad (tried 2 different ones), I get an error saying invalid license. One of the users I am currently testing has an Office 365 E3 license assigned as well. Where am I going wrong?
dima, Feb 13, 2025, Copper Contributor, 69 Views, 0 likes, 1 Comment

Microsoft Monitor Agent offline buffer
Hello, I need to ask about the buffer size and time of the Azure Monitor Agent when it's installed on a Linux machine to work as a log collector agent for Microsoft Sentinel, regarding the case when the internet is down and logs need to be buffered before being forwarded. Is there any official document that mentions that feature?
BR
Qusai_Ismail, Feb 12, 2025, Brass Contributor, 406 Views, 0 likes, 1 Comment

Registered App > Grant Permission to OneDrive?
Hello everyone, I'm trying to connect an automation platform (N8N) to our OneDrive.

What I did:
- registered an app
- create a secret for it
- gave n8n the client id and secret value
- gave the app various api permissions (i.e. files.readwrite.all)
- created an app role (users & apps)
- added myself as an owner

Error I'm running into: "Forbidden - perhaps check your credentials? You do not have access to create this personal site or you do not have a valid license."

I know that I have all the needed permissions, because in another automation platform which is more hands-off (Make.com), everything works fine. Unfortunately, I need it in N8N, which requires more setup.

My question: What permissions do I need to give the registered app? Did I miss a step in the grand scheme of things?

Thanks a lot in advance!!
Tom
53 Views, 0 likes, 3 Comments

Q: Restricting access to Business Web Application/Non-Enterprise Application
Hi all,

We are in the middle of moving our on-prem infrastructure to Intune and more specifically, building out conditional access policies. All but one of our business applications have been straightforward with the process to limit access unless certain conditions are met from an authentication, device, or location compliance perspective.

The one business application we are needing to find a solution for is a web-based application that we do not control outside of user administration and limited-customization. Typically this would be fine if SSO was leveraged, but this web application, unfortunately and not without several conversations with the developers due to the sensitive nature of the data being stored, does not have SSO on their roadmap. Users can access this application from any web browser using their username and password credentials and an application specific 2FA process using SMS code. There is no connection between our MS tenant and this web application.

Due to the sensitive nature of the information stored within this application and the availability of this application from any device with a web browser has raised my antenna with security concerns. Especially in the case of a user downloading information from this site on their BYOD mobile device as they may need to do in the course of their duties, but if they left the organization, we have no way of wiping that data through the removal of the work profile like we do with all other work data through Intune device compliance measures.

We can limit what devices are allowed to connect to work resources (Compliant) and access work applications (all but one, and they need to be compliant to do so), but is there a way to not allow the personal profile of any BYOD device that is compliant, from accessing or logging into this specific URL in any browser from the personal profile web browser?
Buckets84, Feb 09, 2025, Copper Contributor, 23 Views, 0 likes, 1 Comment

Introducing the Azure Roadmap
We launched the Azure Roadmap on Azure.com in June of this year and have received a tremendous response from our customers. For the first time in one place, customers can see what we are working on for future releases, see related feedback, and subscribe to updates. The Roadmap is also integrated with Azure Updates so that customers can see how we are delivering against our plans.

We are excited to start working with the Microsoft Tech Community to further reach customers. You can now find the link to the Azure Roadmap under More Resources in the community. We are always looking to improve and would love to hear from you. Please e-mail azroadmapfeedback@microsoft.com with your comments and questions.

Below are FAQs to help you get started exploring the roadmap!

What is the Azure Roadmap?
The Azure roadmap provides a central place where Azure customers can see what’s new and what’s coming next for Azure.

Where is the public Azure Roadmap?
You can find it under More Resources in the community or you can go directly to https://azure.microsoft.com/en-us/roadmap/ or http://aka.ms/azureroadmap

What kind of posts can I expect on the Azure Roadmap?
The posts you will see on the Azure Roadmap are the key features and services that have launched or are coming soon. For details on incremental updates and/or improvements to features and services, please visit Azure Updates - https://azure.microsoft.com/en-us/updates/

How do I find a specific post on the Azure Roadmap?
The Azure Roadmap page provides filters (by Product Category and/or Status), tags, and search functionality to help you quickly navigate to your area of interest.

What do the different Statuses (In development, In preview, Now available) mean?
- In development – updates that are currently in development and testing
- In preview – preview; updates in preview that may not be available broadly and to all customers
- Now available – generally available; fully released updates

How can I learn about changes in the Azure Roadmap?
You can subscribe to notifications so you’ll always be in the know.

Where can I find service availability by region?
On the right navigation menu under “Explore” there is a link to “Check product availability in your region.” You may also find this detail by visiting: https://azure.microsoft.com/en-us/regions/
68K Views, 2 likes, 2 Comments