Microsoft Entra | Microsoft Community Hub

Forum Widgets

Latest Discussions

Issues with Microsoft Authenticator not popping up Approval message
We have recently implemented MFA with a conditional access policy. We turned off the ability to receive texts/calls and are forcing the Authenticator app. This is causing issues when users need to re set up the account in the Authenticator app. I have had multiple scenarios this week where the Microsoft Authenticator app has stopped displaying the approve/deny message. The end users try to fix the issue themselves and will remove their accounts from the app and try to reenroll by going to myapps.microsoft.com and restarting the setup process. The problem lies in that even though they are visiting the portal from devices that are excluded from MFA via conditional access (Compliant/Hybrid AD Joined) the myapps.microsoft.com portal is still enforcing MFA to log in. Since they have removed their account from the application they can not authenticate to the portal. There is no alternate method since Phone/Text are disabled. In order to get the end user back into the portal I have to go to the regular MFA Setup page, enable phone calls or texts, enable and enforce MFA on the end user, and they can finally get in to re-set up the account. All of this could be fixed with a one time bypass for cloud!
Solved
Robert Woods
Steel Contributor
Oct 06, 2018
Access Management
Identity Management
1MViews
1like
40Comments
List all users' last login date
Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users.
JakobRohde
Iron Contributor
Sep 22, 2017
Azure Active Directory (AAD)
699KViews
1like
66Comments
Report on users with MFA Enabled
We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup). Looking at the status of users who I know have enabled MFA, it still shows Disabled for them in the Multi-Factor Authentication page (https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx).
Solved
dbetlow
Iron Contributor
Feb 27, 2018
Azure Active Directory (AAD)
330KViews
0likes
37Comments
The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!
We're excited to announce that the general availability rollout of the new Azure AD sign-in and “Keep me signed in” experiences has started! These experiences should reach all users globally by the end of the week. Users who go to our sign-in page will start to see the new experiences by default, but a link allowing users to go back to the old experiences will be available until early December to give you some extra time to make the transition. We'd like to take this opportunity to acknowledge the delays we have had with these features and thank you all for your patience. When we released these experiences in preview, we received a lot of great feedback from you and it was pretty clear we needed to take a little extra time to ensure the new experiences worked well with all the scenarios Azure AD sign-in is used for. Read about it in the Enterprise Mobility & Security blog.
EricStarker
Former Employee
Nov 15, 2017
Azure Active Directory (AAD)
291KViews
2likes
121Comments
Google Authenticator app & Office 365 MFA
Is it possible to use the Google Authenticator iOS app with Office 365 MFA instead of the Microsoft Authenticator app? I tried adding to Google Authenticator with both QR code and manually but got failures each time.
Bryan Callicott
Copper Contributor
Sep 21, 2017
Azure Active Directory (AAD)
Identity Management
274KViews
5likes
30Comments
ADFS vs Azure AD for SSO
Hi there Bit of a newbie question but what is the difference between using Azure AD and ADFS as a SAML identity provider? We have on-premises AD and ADFS servers and a federation with Azure AD using AD Connect. We want to integrate with a SaaS app that is listed in the Azure AD application gallery but I can't find any definitive information that guides me whether it would be better to use Azure AD or ADFS as the identity provider. Any help would be appreciated. Regards Neil
Solved
Neil Manley
Copper Contributor
Apr 24, 2017
Azure Active Directory (AAD)
Identity Management
270KViews
0likes
10Comments
Myapplications.microsoft.com and managing applications
We have begun testing the new Myapplications.microsoft.com site. One thing we have noticed is the inability to manage the users who have access to an enterprise application. In the older MyApps site, a delegated user listed within the self-service properties of an enterprise application, could manage and invite guest users (if they have been added to the Guest Inviter role) to their application. However, when trying to do the same thing on Myapplications.microsoft.com brings up the following message on the Permissions and Accounts tab: "This app does not have any accounts." Has anyone else experienced this issue? We currently have Azure AD P1.
gabegsc
Copper Contributor
Jun 11, 2020
Azure Active Directory (AAD)
239KViews
1like
13Comments
Powershell CMDlets for MFA Settings?
Does anyone know if there are Powershell Cmdlets available to allow inspection of a user's MFA settings related to which verification options were configured and which option is considered primary? I am mostly focused on Office 365, but I think that this is an Azure AD question in general. Here's the use case that I am considering. We have a number of Office 365 users with MFA enabled. There was configuration guidance given at setup time, but not all users chose to follow that guidance. Specifically, many chose SMS notification, but our facility is notorious for poor cellular reception. Mobile app is preferred in this environment. In some cases, they deviated from the suggested method intentionally and, other times, unintentionally. This leads to support calls and it would be very useful for the support tech to know up front which methods are configured and which is the user's primary verification method. I've looked at the Azure AD module, but haven't found what I'm looking for yet. Thanks, Andy Baerst
Solved
ABaerst
Copper Contributor
Feb 13, 2018
Azure Active Directory (AAD)
Identity Management
microsoft 365
236KViews
4likes
30Comments
Azure AD Connect - Dealing with incorrectly created users post-sync
We have a single domain in windows AD, not the same as our verified domain in Azure AD (through 365). If a user was not set up to use the "verified" suffix in their user principal name, Azure AD Connect will create a user with the traditional "onmicrosoft.com" UPN in azure. This makes sense, but I want to understand this better, because if this happens by mistake I do not currently know how to "delete" or "merge", or perhaps "change the sync target" for that unmatched account. In this scenario assume that the user did exist already in Azure AD with a proper verified "@company.com" UPN, but now they have an incorrect "new" account. What should be done in this situation? Currently I have successfully gone through the process of disabling the sync, deleting the new incorrect user in Azure AD, fixing the UPN in windows server AD, and then re-syncing. This seems like a nuclear approach for such a localized issue. Any guidance is appreciated.
Solved
Myles Gallagher
Copper Contributor
Jul 31, 2018
Azure Active Directory (AAD)
175KViews
0likes
9Comments
Join windows server 2019 to Azure AD
Is there an option or work around to join windows server 2019 standard to azure AD for authentication ?
Jeremiah Kibanga
Copper Contributor
Jun 01, 2019
Azure Active Directory (AAD)
172KViews
1like
20Comments

Resources

Tags

Azure Active Directory (AAD)1,551 Topics
Identity Management596 Topics
Access Management424 Topics
microsoft 365367 Topics
Azure AD B2B220 Topics
Active Directory (AD)170 Topics
Conditional Access153 Topics
Authentication124 Topics
Azure AD Connect123 Topics
azure109 Topics