Recent Discussions
The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!
We're excited to announce that the general availability rollout of the new Azure AD sign-in and “Keep me signed in” experiences has started! These experiences should reach all users globally by the end of the week. Users who go to our sign-in page will start to see the new experiences by default, but a link allowing users to go back to the old experiences will be available until early December to give you some extra time to make the transition. We'd like to take this opportunity to acknowledge the delays we have had with these features and thank you all for your patience. When we released these experiences in preview, we received a lot of great feedback from you and it was pretty clear we needed to take a little extra time to ensure the new experiences worked well with all the scenarios Azure AD sign-in is used for. Read about it in the Enterprise Mobility & Security blog.
299K views, 2 likes, 121 comments

List all users' last login date
Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users.
700K views, 1 like, 66 comments

Azure AD SCIM Validator is in General Availability (GA) Status
You can now validate the compatibility of your SCIM provisioning endpoint and Azure AD code base using our Azure AD SCIM Validator. This tool can be used by ISVs who want to build SCIM-compatible servers, either for a gallery app or a generic app, and by developers building their line-of-business SCIM apps. https://learn.microsoft.com/azure/active-directory/app-provisioning/scim-validator-tutorial
17K views, 2 likes, 57 comments

Azure Active Directory Webinar Community
Our 12-part AAD Webinar program has now concluded. Check back here soon to learn about our FY21 webinar plans! Want to watch and listen to these webinars? Check back a few weeks after each webinar session at https://aka.ms/AADWebinarRecordings.

2020 webinar dates and topics (two sessions per date; registration closed)
March 5, 2020 (0700 PT / 1000 ET / 1500 GMT and 1100 PT / 1400 ET / 1900 GMT): Your journey to passwordless. You will learn about options to minimize use of passwords today and how to work toward a passwordless future.
March 12, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Manage Partner Access with B2B. You will learn how to collaborate with your partners in a secure manner.
March 19, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Enable New Customer Experiences with B2C. You will learn how to enable new customer experiences with Azure AD B2C.
June 11, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Identity Governance for Modern Organizations. We will introduce tools to govern the lifecycle of user and guest identities in your Azure AD and Office 365 deployment.
June 18, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Getting started with Azure AD Reporting and Insights. You will learn how to interpret Azure AD logs, integrate with your SIEM tools and gather insights about your Azure AD service.
June 25, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Azure AD as the New Security Control Plane. You will learn how to assess and implement a modern approach to secure your organization's identities with Azure AD.

2019 webinar dates and topics (two sessions per date, 0700 PT / 1000 ET / 1500 GMT and 1100 PT / 1400 ET / 1900 GMT; registration closed)
September 5, 2019: Getting started with hybrid identity. Learn how and why to integrate your on-premises identities with Azure AD.
September 12, 2019: Integrating your applications with Azure Active Directory. Learn how integrating your line-of-business and SaaS apps using Azure Active Directory enables advanced security, single sign-on, and convenience for you and your users.
September 19, 2019: Take your apps to the next level with provisioning. Simplify identity lifecycle management with Azure AD automatic user and group provisioning for SaaS applications.
October 3, 2019: Upgrade your security with multi-factor authentication. Protect your users by leveraging Azure AD and 3rd-party multi-factor authentication.
October 10, 2019: Starting your journey to Zero Trust with Conditional Access & Identity Protection. Today's cloud technology and mobile workforce challenge traditional approaches to security. Learn how to shore up your environment by following zero trust methodologies and Azure AD technologies.
October 17, 2019: Empower your users with better IT scalability. Learn how Azure AD enables your users to reset their passwords securely and manage their own security, and allows you to scale IT management of groups.

Want to listen to the recording? Check back a few weeks after the webinar session at https://aka.ms/AADWebinarRecordings.
81K views, 36 likes, 49 comments

Azure Active Directory Webinar Recordings
Below you will find links for the recordings of the Azure Active Directory webinar sessions in YouTube format. Note, these webinar recordings will be available roughly 2-3 weeks after each of the live webinars. Live links will be posted as soon as they are available. We will also post a PDF of the PPT used in each webinar as soon as we have that available. ALSO NOTE: COVID has delayed recordings of March and June sessions, but we hope to have those posted below by end of June / early July. Please also note: Depending on your Internet connection it may take up to fifteen seconds or so for the recording to start. Check in at our webinar community for FY21 updates: https://aka.ms/AADWebinarCommunity.

2020 recordings (date, topic, recording, PPT presentation)
March 5, 2020: Your journey to passwordless. You will learn about options to minimize use of passwords today and how to work toward a passwordless future. Recording: YouTube Link.
March 12, 2020: Manage Partner Access with B2B. You will learn how to collaborate with your partners in a secure manner. Recording: YouTube Link.
March 19, 2020: Enable New Customer Experiences with B2C. You will learn how to enable new customer experiences with Azure AD B2C. Recording: YouTube Link.
June 11, 2020: Identity Governance for Modern Organizations. We will introduce tools to govern the lifecycle of user and guest identities in your Azure AD and Office 365 deployment. Recording: YouTube Link.
June 18, 2020: Getting started with Azure AD Reporting and Insights. You will learn how to interpret Azure AD logs, integrate with your SIEM tools and gather insights about your Azure AD service. Recording: YouTube Link.
June 25, 2020: Azure AD as the New Security Control Plane. You will learn how to assess and implement a modern approach to secure your organization's identities with Azure AD. Recording: YouTube Link.

2019 recordings & PowerPoint presentations
September 5, 2019: Getting started with hybrid identity. Learn how and why to integrate your on-premises identities with Azure AD. Recording: YouTube Link.
September 12, 2019: Integrating your applications with Azure Active Directory. Learn how integrating your line-of-business and SaaS apps using Azure Active Directory enables advanced security, single sign-on, and convenience for you and your users. Recording: YouTube Link.
September 19, 2019: Take your apps to the next level with provisioning. Simplify identity lifecycle management with Azure AD automatic user and group provisioning for SaaS applications. Recording: YouTube Link.
October 3, 2019: Upgrade your security with multi-factor authentication. Protect your users by leveraging Azure AD and 3rd-party multi-factor authentication. Recording: YouTube Link.
October 10, 2019: Starting your journey to Zero Trust with Conditional Access & Identity Protection. Today's cloud technology and mobile workforce challenged traditional approaches to security. Learn how to shore up your environment by following zero trust methodologies and Azure AD technologies. Recording: YouTube Link.
October 17, 2019: Empower your users with better IT scalability. Learn how Azure AD enables your users to reset their passwords securely and manage their own security, and allows you to scale IT management of groups. Recording: YouTube Link.

Thanks for watching and please feel free to share these links!
52K views, 22 likes, 48 comments

Issues with Microsoft Authenticator not popping up Approval message
We have recently implemented MFA with a conditional access policy. We turned off the ability to receive texts/calls and are forcing the Authenticator app. This is causing issues when users need to re-set up the account in the Authenticator app. I have had multiple scenarios this week where the Microsoft Authenticator app has stopped displaying the approve/deny message. The end users try to fix the issue themselves and will remove their accounts from the app and try to re-enroll by going to myapps.microsoft.com and restarting the setup process. The problem lies in that even though they are visiting the portal from devices that are excluded from MFA via conditional access (Compliant/Hybrid AD Joined), the myapps.microsoft.com portal is still enforcing MFA to log in. Since they have removed their account from the application they cannot authenticate to the portal. There is no alternate method since phone/text are disabled. In order to get the end user back into the portal I have to go to the regular MFA setup page, enable phone calls or texts, enable and enforce MFA on the end user, and they can finally get in to re-set up the account. All of this could be fixed with a one-time bypass for cloud!
[Solved] 1M views, 1 like, 40 comments

Azure AD group-based license management for Office 365 and more
This looks awesome - simplify licence management for Office 365, EMS, Dynamics 365 and more, as announced at https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/:

Microsoft cloud services such as Office 365, Enterprise Mobility + Security, Dynamics CRM, and other similar products require licenses to be assigned to each user who needs access to these services. Until now, licenses could only be assigned at individual user level, which can make large-scale management difficult for our customers. We have introduced a new capability of the Azure AD license management system: group-based licensing. It is now possible to assign one or more product licenses to a group. Azure AD will make sure that the licenses are assigned to all members of the group. Any new members joining the group will be assigned the appropriate licenses, and when they leave the group those licenses will be removed. This eliminates the need for automating license management via PowerShell to reflect changes in the organization and departmental structure on a per-user basis.

Here is the documentation with the steps to get started: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-whatis-azure-portal
[Solved] 24K views, 12 likes, 38 comments

Report on users with MFA Enabled
We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup). Looking at the status of users who I know have enabled MFA, it still shows Disabled for them in the Multi-Factor Authentication page (https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx).
[Solved] 331K views, 0 likes, 37 comments

Azure AD B2C authorization code and refresh token size increase update
Update September 11, 2023: This post is no longer relevant.

As part of ongoing security improvement efforts in Azure Active Directory (AAD), part of Microsoft Entra, Azure AD B2C will be rolling out a format change that increases the size of OAuth 2.0 (and OpenID Connect) authorization code and refresh tokens returned to your application. If your application is configured to accept the OAuth2 authorization code as a query string parameter or URL fragment, this change might impact users in the following scenarios:
- Users with old web browsers such as Internet Explorer may exceed the URL length limit.
- Your application runs on web servers, or behind firewalls or reverse proxies, with low URL length limits or configuration.

The OAuth2 (and OpenID Connect) protocol specifies three response modes, which specify how the authorization code is returned to your application. With the query and fragment modes the authorization code is returned as a query parameter or fragment of the URL. In the form_post mode, response parameters are encoded as HTML form values that are transmitted via the HTTP POST method and encoded in the body. For information, check out the OAuth 2.0 authorization code flow in Azure Active Directory B2C article.

To mitigate URL length issues:
- For web applications, we recommend setting the OAuth2 response_mode to form_post, to ensure the most secure transfer of tokens to your application.
- For single-page applications using the authorization code flow with PKCE, reduce the number of claims emitted to your application. In the user flows and custom policies, remove claims that are unnecessary for your app. You can use the UserInfo endpoint to return claims about the authenticated user. This will minimize the size of the authorization code and the refresh token.

This change should not affect device-installed apps, such as mobile and desktop apps. The change also impacts the size of the refresh token. The MSAL library caches a token after it has been acquired. For web applications with an in-memory cache or a distributed token cache, make sure your cache system can handle the size of the refresh token, or reduce the size of the refresh token as described in the previous section.

Yoel
29K views, 1 like, 36 comments

Exchange Online and Azure AD Connect
Hi everyone,

We are planning to implement Azure AD Connect in a Password Hash Synchronization with Seamless Sign On scenario, hosted on an Azure B1ms Windows Server 2016 AD DC connected to on-prem AD via S2S VPN. My company of around 100 users has had O365 for several years and the on-prem and AAD environments are totally separate for now. One thing that has come up in my research is that with Azure AD Connect in place, on-prem AD must be the source of all objects, attributes, and changes - makes sense. Where there is confusion is Exchange Online attributes. Several older threads on Tech Community and other forums state you cannot change EXO attributes, in an AAD Connect environment, without on-prem Exchange installed or at least its schema changes. On review, the only EXO attributes we would change that aren't in the default AD schema are mailbox delegation (SendAs, AccessRights, etc.) and email addresses (multiple SMTP addresses). Other attributes that show in EXO such as Job Title, Address, and Tel Numbers are all available in the default schema via AD Users & Computers, so my presumption is they're not of concern. Can anyone shed some light on this and confirm how we'd manage things like multiple SMTP addresses without the Exchange schema in our on-prem AD? Does this differ depending on where the object is managed (cloud only vs hybrid) or user mailbox vs shared?

Thank you,
Ruairidh
56K views, 1 like, 30 comments

Powershell CMDlets for MFA Settings?
Does anyone know if there are PowerShell cmdlets available to allow inspection of a user's MFA settings related to which verification options were configured and which option is considered primary? I am mostly focused on Office 365, but I think that this is an Azure AD question in general. Here's the use case that I am considering. We have a number of Office 365 users with MFA enabled. There was configuration guidance given at setup time, but not all users chose to follow that guidance. Specifically, many chose SMS notification, but our facility is notorious for poor cellular reception. Mobile app is preferred in this environment. In some cases, they deviated from the suggested method intentionally and, other times, unintentionally. This leads to support calls and it would be very useful for the support tech to know up front which methods are configured and which is the user's primary verification method. I've looked at the Azure AD module, but haven't found what I'm looking for yet.

Thanks,
Andy Baerst
[Solved] 236K views, 4 likes, 30 comments

Fewer login prompts: The new “Keep me signed in” experience for Azure AD is in preview
A common request we get from our customers is to reduce the number of times users are prompted to sign into Azure AD. One way to reduce the frequency of prompts is to check the “Keep me signed in” checkbox on the sign-in flow, but our telemetry shows that usage of that checkbox is very low. But we know from talking to customers that cutting down on the number of sign-in prompts is REALLY important. Nobody wants to have to sign in to an app multiple times! So today I’m happy to share that we’re improving how the “Keep me signed in” option is shown to users. We’re also adding intelligence to ensure users are prompted to remain signed in only when it’s safe to do so. Read about it in the Enterprise Mobility & Security blog.
28K views, 0 likes, 30 comments

Upcoming improvements to the Azure AD sign-in experience
We’d like to give you an early heads up on some visual design updates that are coming to the Azure AD sign-in experience. Customers gave us a LOT of feedback last time we updated the sign-in. It was clear that you wanted us to provide more notification, earlier in the process, with more information. We’ve learned, and this time we’re giving you more time and info than ever before. Our next set of changes aims to reduce clutter and make our screens look cleaner. A visually simpler UI helps users focus on the task at hand – signing in. This is solely a visual UI change with no changes to functionality. Existing company branding settings will carry forward to the updated UI. There will be no change to SSO or "Keep me signed in" functionality. Read more about the changes in the Enterprise Mobility & Security blog.
9.2K views, 6 likes, 29 comments

The new Azure AD Signin Experience is now in Public Preview
We’re continuing to make progress on converging the Azure AD and Microsoft account identity systems. One of the big steps on this journey is to redesign the sign-in UI so both systems look consistent. We're happy to announce that this updated design is in public preview!

What’s changing:
- Redesign of Azure AD & Microsoft account sign-in experiences
- Pagination of the Azure AD sign-in page

Read more about it in the Enterprise Mobility & Security blog.
8.5K views, 3 likes, 28 comments

Device Migration from On-prem AD to Azure AD
Hello All,

We want to migrate our on-prem AD devices to Azure AD and enroll them into Intune. We have Azure AD sync and all, but we need to convert machines to Azure AD join only, not Hybrid AD. So we would like to create a new user profile on the machine. We have used two methods so far.
1) Reset the machine and use join to Azure AD from OOBE. (Issue - This will make the user an Administrator for that machine and we don't want that.)
2) Unbind from on-prem AD, join to Azure AD manually, but the same issue as number 1.
3) Using the hardware hash, register devices to Autopilot and then reset all the machines. (Issue - This will take too long to migrate 250 machines and helping remote workers is quite difficult.)

Has anyone tried any different method or is there any expert suggestion? Thanks!
147K views, 1 like, 28 comments

Azure AD B2B: New updates make cross-business collab easy
Great updates and improvements in Azure B2B announced today: https://blogs.technet.microsoft.com/enterprisemobility/2017/02/01/azure-ad-b2b-new-updates-make-cross-business-collab-easy/ cc Salvatore Biscari VasilMichev
8.4K views, 5 likes, 27 comments

SignInLogs are not showing in Log Analytics / Azure Monitor
I have followed the steps to create a Log Analytics workspace, and configured the Diagnostic Settings in Azure AD to send the SignInLogs and AuditLogs to Log Analytics. However, I cannot see the SignInLogs; I only see events from AuditLogs available in Log Analytics. I believe I have met the prerequisites on licensing by means of a trial of the Azure AD Premium P2 license. Does anybody know why it's only sending out the AuditLogs and not the SignInLogs to Log Analytics?
21K views, 2 likes, 27 comments

MS Teams in Cross-Tenant synchronization
Hello! I am using Cross-Tenant synchronization (preview) to synchronize two tenants (A and B). I have created a configuration to send the users from Tenant A to Tenant B. In the "Provision Azure Active Directory Users" mapping, the "Usertype" attribute is set to Member and the "showInAddressList" attribute is set to True. After these settings, in Outlook the migrated users appear in the GAL/search bar and work perfectly, showing data, status and sending e-mails normally. In Microsoft Teams, the migrated users appear in the GAL with all their data, but no status, and the messages do not arrive at their destination. Is this normal for the tool? If yes, is there any way to hide these migrated users only in MS Teams? I am worried about the end user sending messages to these migrated users and not being able to contact them.

Regards,
26K views, 0 likes, 26 comments

Azure AD Conditional Access - Require Domain Joined Device
Does the ‘Domain Join’ checkbox in Azure AD Conditional Access require Azure AD Domain join, or does it mean on-premises Domain Join? The attached screenshot says ‘Not Azure AD Domain Join’ but the documentation shown in the screenshot seems to contradict this.
[Solved] 73K views, 0 likes, 24 comments
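An added example for the "List all users' last login date" thread above; it is not code from that thread or from Microsoft. It uses the Microsoft.Graph PowerShell SDK and assumes an account that can consent to User.Read.All and AuditLog.Read.All, and a tenant licensed for Microsoft Entra ID P1 or P2, which the signInActivity property requires. The 90-day staleness threshold and the output path are assumptions.

```powershell
# Added example (not from the original thread). Requires the Microsoft.Graph SDK
# (Install-Module Microsoft.Graph) and an Entra ID P1/P2 tenant for signInActivity.
param(
    [int]$StaleAfterDays = 90,                    # assumption: 90 days counts as stale
    [string]$OutFile = ".\entra-last-signin.csv"  # assumption: output path
)

# signInActivity is only returned with AuditLog.Read.All in addition to user read.
Connect-MgGraph -Scopes 'User.Read.All', 'AuditLog.Read.All' -NoWelcome

$cutoff = (Get-Date).ToUniversalTime().AddDays(-$StaleAfterDays)

# signInActivity is not in the default property set; it must be selected explicitly.
# -All pages through the whole directory, so unlicensed and disabled users are included,
# which is what a mailbox-based "last logon" script misses.
$users = Get-MgUser -All -PageSize 999 `
    -Property id,userPrincipalName,accountEnabled,userType,createdDateTime,assignedLicenses,signInActivity

$report = foreach ($u in $users) {
    $interactive    = $u.SignInActivity.LastSignInDateTime
    $nonInteractive = $u.SignInActivity.LastNonInteractiveSignInDateTime

    # "No matter how they logged in": take the most recent of interactive and
    # non-interactive (token refresh, background sync) activity.
    $last = @($interactive, $nonInteractive) |
        Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1

    # A null value means no sign-in has been recorded since the tenant started
    # collecting this data. Treat it as "unknown", not as proof of inactivity.
    $status = if (-not $last)           { 'NoRecordedSignIn' }
              elseif ($last -lt $cutoff) { 'Stale' }
              else                       { 'Active' }

    [pscustomobject]@{
        UserPrincipalName  = $u.UserPrincipalName
        AccountEnabled     = $u.AccountEnabled
        UserType           = $u.UserType
        Licensed           = ($u.AssignedLicenses.Count -gt 0)
        Created            = $u.CreatedDateTime
        LastInteractive    = $interactive
        LastNonInteractive = $nonInteractive
        LastSeen           = $last
        Status             = $status
    }
}

$report | Sort-Object LastSeen | Export-Csv -Path $OutFile -NoTypeInformation

# Triage view: enabled accounts that are stale or have never been seen are the
# cleanup candidates, licensed or not.
$report | Where-Object { $_.AccountEnabled -and $_.Status -ne 'Active' } |
    Format-Table UserPrincipalName, Licensed, LastSeen, Status -AutoSize
```

Save it as a script and run it with, for example, `.\Get-EntraLastSignIn.ps1 -StaleAfterDays 60`. Do not disable accounts purely on a NoRecordedSignIn result: service accounts that only use non-interactive tokens and accounts created before sign-in activity collection began both show up there.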
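An added example serving both the "Report on users with MFA Enabled" and "Powershell CMDlets for MFA Settings?" threads above; it is not code from either thread or from Microsoft. It reads the authentication-methods registration report through the Microsoft.Graph PowerShell SDK (Get-MgReportAuthenticationMethodUserRegistrationDetail), which reports the methods each user has actually registered and the default method the user chose, independently of the legacy per-user MFA Enabled/Enforced state on the old multi-factor authentication page. Assumptions: a P1/P2-licensed tenant, the AuditLog.Read.All and UserAuthenticationMethod.Read.All scopes, that Microsoft Authenticator push is the preferred method, and that the method value names used in the follow-up filter match the Graph enumeration returned by your tenant (check the raw output once before relying on them).

```powershell
# Added example (not from the original threads). Requires the Microsoft.Graph SDK
# and an Entra ID P1/P2 tenant; the registration report is a premium feature.
param(
    [string]$OutFile = ".\mfa-registration.csv"   # assumption: output path
)

Connect-MgGraph -Scopes 'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All' -NoWelcome

# One row per user. This reflects *registered* methods, which is what self-service
# registration at aka.ms/MFASetup changes; it says nothing about the legacy
# per-user MFA Enabled/Enforced flag, which stays Disabled unless set separately.
$details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

# Assumption: these are the Graph value names for SMS/voice defaults and for
# Authenticator push. Verify against $details[0].MethodsRegistered in your tenant.
$phoneDefaults = @('mobilePhone', 'alternateMobilePhone', 'office')
$preferred     = 'microsoftAuthenticatorPush'

$report = foreach ($d in $details) {
    $methods = @($d.MethodsRegistered)
    [pscustomobject]@{
        UserPrincipalName = $d.UserPrincipalName
        IsAdmin           = $d.IsAdmin
        IsMfaRegistered   = $d.IsMfaRegistered   # at least one MFA-capable method registered
        IsMfaCapable      = $d.IsMfaCapable      # registered AND allowed by the methods policy
        DefaultMethod     = $d.DefaultMfaMethod  # the "primary" method the user selected
        Methods           = ($methods -join ';')
        HasPreferred      = ($methods -contains $preferred)
        # The support-call generators from the thread: no MFA at all, or a default
        # that depends on cellular reception even though the app is registered.
        NeedsFollowUp     = (-not $d.IsMfaRegistered) -or ($d.DefaultMfaMethod -in $phoneDefaults)
    }
}

$report | Export-Csv -Path $OutFile -NoTypeInformation

# Distribution of default methods across the tenant.
$report | Group-Object DefaultMethod | Select-Object Name, Count | Sort-Object Count -Descending

# Users the support desk should contact, admins first.
$report | Where-Object NeedsFollowUp | Sort-Object IsAdmin -Descending |
    Format-Table UserPrincipalName, IsAdmin, DefaultMethod, Methods -AutoSize
```

For a single user at the helpdesk, the per-method detail behind this report is available through Get-MgUserAuthenticationMethod -UserId <upn>, which lists the registered method objects (phone, Authenticator, FIDO2 and so on) but not which one is the default; the registration report above is the one place that exposes the default.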
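An added example for the "Azure AD group-based license management for Office 365 and more" thread above; it is not code from that thread or from the linked blog post. It assigns a product licence to a group with the Microsoft.Graph PowerShell SDK, waits for the asynchronous group processing to finish, and then lists members whose inherited assignment ended in an error. The group name, the SKU part number (ENTERPRISEPACK is Office 365 E3) and the disabled service plan are assumptions; the cmdlets and property names are the Graph v1.0 ones. Group-based licensing needs a P1-level Entra licence in the tenant.

```powershell
# Added example (not from the original thread). Requires the Microsoft.Graph SDK.
param(
    [string]$GroupName     = 'lic-o365-e3',    # assumption: licensing group display name
    [string]$SkuPartNumber = 'ENTERPRISEPACK'  # assumption: Office 365 E3
)

Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Organization.Read.All', 'User.Read.All' -NoWelcome

$group = Get-MgGroup -Filter "displayName eq '$GroupName'" | Select-Object -First 1
if (-not $group) { throw "Group '$GroupName' not found" }

$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq $SkuPartNumber
if (-not $sku) { throw "SKU '$SkuPartNumber' is not subscribed in this tenant" }

# Assumption for illustration: keep everything in the SKU except Yammer.
$disabled = $sku.ServicePlans |
    Where-Object ServicePlanName -eq 'YAMMER_ENTERPRISE' |
    Select-Object -ExpandProperty ServicePlanId

# Both arrays are required by the assignLicense action, even when one is empty.
Set-MgGroupLicense -GroupId $group.Id `
    -AddLicenses @(@{ SkuId = $sku.SkuId; DisabledPlans = @($disabled) }) `
    -RemoveLicenses @()

# Group assignments are processed asynchronously; poll licenseProcessingState
# instead of assuming members are licensed the moment the call returns.
$attempts = 0
do {
    Start-Sleep -Seconds 15
    $state = (Get-MgGroup -GroupId $group.Id -Property licenseProcessingState).LicenseProcessingState.State
    $attempts++
} while ($state -in 'QueuedForProcessing', 'ProcessingInProgress' -and $attempts -lt 40)
Write-Host "Group licence processing state: $state"

# Members whose inherited assignment errored: no free seats (CountViolation), a
# conflicting plan (MutuallyExclusiveViolation), a missing prerequisite plan
# (DependencyViolation) or no usageLocation (ProhibitedInUsageLocationViolation).
$members = Get-MgGroupMember -GroupId $group.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }

$errors = foreach ($m in $members) {
    $u = Get-MgUser -UserId $m.Id -Property userPrincipalName,usageLocation,licenseAssignmentStates
    foreach ($s in $u.LicenseAssignmentStates) {
        if ($s.SkuId -eq $sku.SkuId -and $s.AssignedByGroup -eq $group.Id -and
            $s.Error -and $s.Error -ne 'None') {
            [pscustomobject]@{
                UserPrincipalName = $u.UserPrincipalName
                UsageLocation     = $u.UsageLocation
                State             = $s.State    # e.g. ActiveWithError or Error
                Error             = $s.Error
            }
        }
    }
}

if ($errors) { $errors | Format-Table -AutoSize } else { Write-Host 'No group licence assignment errors' }
```

The per-member check matters because a group assignment that fails for one user does not fail the whole group: the portal shows that user as ActiveWithError and the service plans silently never reach them. Set usageLocation on synced users before adding them to the group, or the ProhibitedInUsageLocationViolation error is the most common result.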
Recent Blogs
Explore how new logging updates in Microsoft Entra bring agent visibility and enriched logs for deeper, more actionable sign-in insights. (3 min read, Sep 22, 2025; 1.7K views, 2 likes, 0 comments)
While System for Cross-domain Identity Management (SCIM) is the best foundation for agent identity provisioning, key enhancements are needed, says Alex Simons, Corporate Vice President of Identity an... (Sep 16, 2025; 1.4K views, 0 likes, 3 comments)