Recent Discussions
Issues with Microsoft Authenticator not popping up Approval message
We have recently implemented MFA with a conditional access policy. We turned off the ability to receive texts/calls and are forcing the Authenticator app. This is causing issues when users need to re-set up the account in the Authenticator app. I have had multiple scenarios this week where the Microsoft Authenticator app has stopped displaying the approve/deny message. The end users try to fix the issue themselves and will remove their accounts from the app and try to re-enroll by going to myapps.microsoft.com and restarting the setup process. The problem lies in that even though they are visiting the portal from devices that are excluded from MFA via conditional access (Compliant/Hybrid AD Joined), the myapps.microsoft.com portal is still enforcing MFA to log in. Since they have removed their account from the application they cannot authenticate to the portal. There is no alternate method since Phone/Text are disabled. In order to get the end user back into the portal I have to go to the regular MFA Setup page, enable phone calls or texts, enable and enforce MFA on the end user, and they can finally get in to re-set up the account. All of this could be fixed with a one-time bypass for cloud!
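The "one-time bypass" the post asks for exists in Entra as a Temporary Access Pass (TAP): a short-lived, optionally single-use credential that satisfies MFA so the user can sign in and re-register Authenticator, without re-enabling SMS or voice for everyone. The block below is an added example, not code from the original post. It assumes the Microsoft.Graph PowerShell SDK is installed, that the TAP method is enabled in the tenant's authentication methods policy, and that the caller holds the Authentication Administrator role; the user names are hypothetical.

```powershell
# Added example (not from the original post): issue a single-use Temporary Access Pass so a
# user who removed their Authenticator account can sign in once and re-register it.
# Assumes Microsoft.Graph SDK, TAP enabled in the authentication methods policy, and an
# admin with UserAuthenticationMethod.ReadWrite.All. alice@contoso.com is hypothetical.
Connect-MgGraph -Scopes "UserAuthenticationMethod.ReadWrite.All"
$base = 'https://graph.microsoft.com/v1.0'

function Get-OutstandingTap {
    # List passes already issued to the user before handing out another one.
    param([Parameter(Mandatory)][string] $UserPrincipalName)
    $r = Invoke-MgGraphRequest -Method GET -Uri "$base/users/$UserPrincipalName/authentication/temporaryAccessPassMethods"
    foreach ($t in $r.value) {
        [pscustomobject]@{
            Id        = $t.id
            Start     = $t.startDateTime
            Minutes   = $t.lifetimeInMinutes
            Usable    = $t.isUsable
            Reason    = $t.methodUsabilityReason   # e.g. EnabledByPolicy, Expired, OneTimeUsed
        }
    }
}

function New-OneTimeTap {
    param(
        [Parameter(Mandatory)][string] $UserPrincipalName,
        [int] $LifetimeMinutes = 30          # keep it short: it is a full MFA bypass while valid
    )
    $body = @{
        lifetimeInMinutes = $LifetimeMinutes
        isUsableOnce      = $true            # consumed on first sign-in, so a leaked pass is worthless afterwards
    } | ConvertTo-Json
    $tap = Invoke-MgGraphRequest -Method POST -Body $body `
        -Uri "$base/users/$UserPrincipalName/authentication/temporaryAccessPassMethods"
    [pscustomobject]@{
        User       = $UserPrincipalName
        Pass       = $tap.temporaryAccessPass   # returned exactly once; deliver it out of band (phone call, in person)
        Start      = $tap.startDateTime
        Minutes    = $tap.lifetimeInMinutes
        UsableOnce = $tap.isUsableOnce
    }
}

function Remove-Tap {
    # Revoke a pass that was issued by mistake or is no longer needed.
    param([Parameter(Mandatory)][string] $UserPrincipalName, [Parameter(Mandatory)][string] $TapId)
    Invoke-MgGraphRequest -Method DELETE -Uri "$base/users/$UserPrincipalName/authentication/temporaryAccessPassMethods/$TapId"
}

Get-OutstandingTap -UserPrincipalName 'alice@contoso.com' | Format-Table
New-OneTimeTap -UserPrincipalName 'alice@contoso.com' -LifetimeMinutes 30
```

The pass is shown only in the POST response; if it is lost, revoke it with Remove-Tap and issue a new one rather than lengthening lifetimes. Because a TAP satisfies the MFA grant control, the Conditional Access policy that forces Authenticator does not need to be touched, and the SMS/voice methods stay disabled tenant-wide.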
List all users' last login date

Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users.
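A report that covers every user regardless of licence or sign-in method comes from the user object's signInActivity property in Microsoft Graph, which records the last interactive and last non-interactive sign-in independently of Exchange. The following is an added example, not a script from the thread; it assumes the Microsoft.Graph PowerShell SDK, a tenant with an Entra ID P1 licence (required for signInActivity), and a caller with AuditLog.Read.All. The stale-account threshold of 90 days is an arbitrary choice for the example.

```powershell
# Added example (not from the original post): last sign-in for every user, licensed or not.
# Assumes Microsoft.Graph SDK, Entra ID P1 (signInActivity) and User.Read.All + AuditLog.Read.All.
Connect-MgGraph -Scopes "User.Read.All","AuditLog.Read.All"

function Get-LastSignInReport {
    param([int] $StaleDays = 90)   # threshold chosen for the example
    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$StaleDays)

    Get-MgUser -All -Property Id,UserPrincipalName,AccountEnabled,AssignedLicenses,CreatedDateTime,SignInActivity |
      ForEach-Object {
        $interactive    = $_.SignInActivity.LastSignInDateTime
        $nonInteractive = $_.SignInActivity.LastNonInteractiveSignInDateTime   # token refreshes, background sync, etc.
        # "no matter how they logged in": take the most recent of the two
        $last = @($interactive, $nonInteractive) | Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1

        # A user with no sign-in at all is only stale if the account is older than the window;
        # signInActivity is empty for users who have never signed in since recording began.
        $stale = if ($last) { $last -lt $cutoff } else { $_.CreatedDateTime -lt $cutoff }

        [pscustomobject]@{
            UserPrincipalName  = $_.UserPrincipalName
            Enabled            = $_.AccountEnabled
            Licensed           = ($_.AssignedLicenses.Count -gt 0)
            LastInteractive    = $interactive
            LastNonInteractive = $nonInteractive
            LastAnySignIn      = $last
            Created            = $_.CreatedDateTime
            Stale              = $stale
        }
      }
}

$report = Get-LastSignInReport -StaleDays 90
$report | Sort-Object LastAnySignIn | Export-Csv -Path .\last-signin.csv -NoTypeInformation

# The set worth acting on: enabled accounts nobody has used inside the window.
$report | Where-Object { $_.Stale -and $_.Enabled } |
    Format-Table UserPrincipalName, Licensed, LastAnySignIn, Created
```

Two caveats a practitioner should keep in mind: the non-interactive timestamp is what keeps service-style accounts from looking abandoned, so do not drop it when hunting for dormant users, and an empty signInActivity does not prove the account was never used, only that it has not been used since Entra began recording the property.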
Report on users with MFA Enabled

We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup). Looking at the status of users who I know have enabled MFA, it still shows Disabled for them in the Multi-Factor Authentication page (https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx).
The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!

We're excited to announce that the general availability rollout of the new Azure AD sign-in and “Keep me signed in” experiences has started! These experiences should reach all users globally by the end of the week. Users who go to our sign-in page will start to see the new experiences by default, but a link allowing users to go back to the old experiences will be available until early December to give you some extra time to make the transition. We'd like to take this opportunity to acknowledge the delays we have had with these features and thank you all for your patience. When we released these experiences in preview, we received a lot of great feedback from you and it was pretty clear we needed to take a little extra time to ensure the new experiences worked well with all the scenarios Azure AD sign-in is used for. Read about it in the Enterprise Mobility & Security blog.
ADFS vs Azure AD for SSO

Hi there, bit of a newbie question, but what is the difference between using Azure AD and ADFS as a SAML identity provider? We have on-premises AD and ADFS servers and a federation with Azure AD using AD Connect. We want to integrate with a SaaS app that is listed in the Azure AD application gallery but I can't find any definitive information that guides me whether it would be better to use Azure AD or ADFS as the identity provider. Any help would be appreciated. Regards, Neil
Myapplications.microsoft.com and managing applications

We have begun testing the new Myapplications.microsoft.com site. One thing we have noticed is the inability to manage the users who have access to an enterprise application. In the older MyApps site, a delegated user listed within the self-service properties of an enterprise application could manage and invite guest users (if they have been added to the Guest Inviter role) to their application. However, trying to do the same thing on Myapplications.microsoft.com brings up the following message on the Permissions and Accounts tab: "This app does not have any accounts." Has anyone else experienced this issue? We currently have Azure AD P1.
Powershell CMDlets for MFA Settings?

Does anyone know if there are Powershell Cmdlets available to allow inspection of a user's MFA settings related to which verification options were configured and which option is considered primary? I am mostly focused on Office 365, but I think that this is an Azure AD question in general. Here's the use case that I am considering. We have a number of Office 365 users with MFA enabled. There was configuration guidance given at setup time, but not all users chose to follow that guidance. Specifically, many chose SMS notification, but our facility is notorious for poor cellular reception. Mobile app is preferred in this environment. In some cases, they deviated from the suggested method intentionally and, other times, unintentionally. This leads to support calls and it would be very useful for the support tech to know up front which methods are configured and which is the user's primary verification method. I've looked at the Azure AD module, but haven't found what I'm looking for yet. Thanks, Andy Baerst
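Both this post and the "Report on users with MFA Enabled" post above are asking about registration data that the legacy per-user MFA page does not show: that page reports the per-user MFA state (Disabled/Enabled/Enforced), which stays Disabled for a user who merely self-registered methods, while the registered methods and the user's default live in the authentication-methods endpoints of Microsoft Graph. The block below is an added example, not code from either post. It assumes the Microsoft.Graph PowerShell SDK; the help-desk view needs UserAuthenticationMethod.Read.All, the tenant-wide registration report needs AuditLog.Read.All and an Entra ID P1 licence. User names are hypothetical.

```powershell
# Added example (not from the original posts): registered MFA methods per user and tenant-wide.
# Assumes Microsoft.Graph SDK; andy@contoso.com is hypothetical.
Connect-MgGraph -Scopes "UserAuthenticationMethod.Read.All","AuditLog.Read.All","User.Read.All"

# Help-desk view: every method one user has registered, with the detail a support tech needs.
function Get-UserMfaMethods {
    param([Parameter(Mandatory)][string] $UserPrincipalName)
    Get-MgUserAuthenticationMethod -UserId $UserPrincipalName | ForEach-Object {
        $p    = $_.AdditionalProperties
        $type = $p['@odata.type'] -replace '^#microsoft\.graph\.', ''
        $detail = switch ($type) {
            'phoneAuthenticationMethod'                  { "$($p['phoneType']) $($p['phoneNumber']); SMS sign-in: $($p['smsSignInState'])" }
            'microsoftAuthenticatorAuthenticationMethod' { "device: $($p['displayName'])" }
            'fido2AuthenticationMethod'                  { "$($p['model']) ($($p['displayName']))" }
            'softwareOathAuthenticationMethod'           { 'third-party TOTP app' }
            'emailAuthenticationMethod'                  { $p['emailAddress'] }
            'temporaryAccessPassMethod'                  { "usable: $($p['isUsable'])" }
            'passwordAuthenticationMethod'               { 'password (not a second factor)' }
            default                                      { '' }
        }
        [pscustomobject]@{ User = $UserPrincipalName; Method = $type; Detail = $detail; Id = $_.Id }
    }
}

# Tenant view: who is MFA-registered, which methods, and the method the user prefers by default.
function Get-MfaRegistrationReport {
    $uri = 'https://graph.microsoft.com/v1.0/reports/authenticationMethods/userRegistrationDetails'
    do {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri
        foreach ($u in $page.value) {
            [pscustomobject]@{
                User          = $u.userPrincipalName
                MfaRegistered = $u.isMfaRegistered
                MfaCapable    = $u.isMfaCapable
                Methods       = ($u.methodsRegistered -join ',')      # e.g. mobilePhone,microsoftAuthenticatorPush
                DefaultMethod = $u.userPreferredMethodForSecondaryAuthentication
                IsAdmin       = $u.isAdmin
            }
        }
        $uri = $page.'@odata.nextLink'   # follow paging until Graph stops returning a next link
    } while ($uri)
}

Get-UserMfaMethods -UserPrincipalName 'andy@contoso.com' | Format-Table -AutoSize

$report = Get-MfaRegistrationReport
# The population the post worries about: SMS registered, nothing app-based.
$report | Where-Object { $_.Methods -match 'mobilePhone' -and $_.Methods -notmatch 'microsoftAuthenticator' } |
    Format-Table User, Methods, DefaultMethod
# Admins with no MFA registered at all, which is the first thing a reviewer should look for.
$report | Where-Object { $_.IsAdmin -and -not $_.MfaRegistered } | Format-Table User, MfaCapable
```

The per-user MFA state and Conditional Access are separate enforcement mechanisms; the report above tells you what a user could satisfy, not whether anything requires it, so pair it with the policies that actually demand MFA.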
Azure AD Connect - Dealing with incorrectly created users post-sync

We have a single domain in windows AD, not the same as our verified domain in Azure AD (through 365). If a user was not set up to use the "verified" suffix in their user principal name, Azure AD Connect will create a user with the traditional "onmicrosoft.com" UPN in azure. This makes sense, but I want to understand this better, because if this happens by mistake I do not currently know how to "delete" or "merge", or perhaps "change the sync target" for that unmatched account. In this scenario assume that the user did exist already in Azure AD with a proper verified "@company.com" UPN, but now they have an incorrect "new" account. What should be done in this situation? Currently I have successfully gone through the process of disabling the sync, deleting the new incorrect user in Azure AD, fixing the UPN in windows server AD, and then re-syncing. This seems like a nuclear approach for such a localized issue. Any guidance is appreciated.
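Whether Azure AD Connect joins an on-prem user to an existing cloud account or creates a new one is decided by the source anchor (by default the base64-encoded AD objectGUID, stored on the cloud object as onPremisesImmutableId), with a fallback soft match on UPN or proxy address. Checking that anchor before a sync, and setting it on the intended cloud-only account when it is missing, avoids the delete-and-resync cycle the post describes. The block below is an added example, not the poster's procedure; it assumes the RSAT ActiveDirectory module on the AD Connect side, the Microsoft.Graph PowerShell SDK, and a default (objectGUID) source anchor; jdoe and company.com are hypothetical.

```powershell
# Added example (not from the original post): verify the sync anchor for one user and set a
# hard match on the intended cloud account. Assumes RSAT ActiveDirectory, Microsoft.Graph SDK
# and the default objectGUID source anchor. jdoe / jdoe@company.com are hypothetical.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes "User.ReadWrite.All"
$props = 'Id','UserPrincipalName','OnPremisesImmutableId','OnPremisesSyncEnabled'

function Get-ImmutableId {
    # Azure AD Connect's default sourceAnchor is the base64 form of the AD objectGUID bytes.
    param([Parameter(Mandatory)][guid] $ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Test-SyncMatch {
    param(
        [Parameter(Mandatory)][string] $SamAccountName,
        [Parameter(Mandatory)][string] $ExpectedUpn   # the verified-domain UPN the user should hold in the cloud
    )
    $ad       = Get-ADUser -Identity $SamAccountName -Properties userPrincipalName
    $anchor   = Get-ImmutableId $ad.ObjectGUID
    $byAnchor = Get-MgUser -Filter "onPremisesImmutableId eq '$anchor'" -Property $props
    $byUpn    = Get-MgUser -Filter "userPrincipalName eq '$ExpectedUpn'" -Property $props

    $verdict =
        if ($byUpn -and $byUpn.OnPremisesImmutableId -eq $anchor) { 'hard-matched to the intended account' }
        elseif ($byAnchor) { "anchor already sits on $($byAnchor.UserPrincipalName): a duplicate was created" }
        elseif ($byUpn -and -not $byUpn.OnPremisesImmutableId) { 'intended account has no anchor: set it before the next sync' }
        else { 'no cloud account with this UPN' }

    [pscustomobject]@{
        OnPremUpn             = $ad.UserPrincipalName   # an unverified suffix here is what makes Connect fall back to onmicrosoft.com
        ExpectedUpn           = $ExpectedUpn
        Anchor                = $anchor
        IntendedAccountAnchor = $byUpn.OnPremisesImmutableId
        Verdict               = $verdict
    }
}

function Set-HardMatch {
    # Valid only on a cloud-only object; Entra refuses to change the anchor of an object that is already synced.
    param([Parameter(Mandatory)][string] $CloudUserId, [Parameter(Mandatory)][string] $Anchor)
    $u = Get-MgUser -UserId $CloudUserId -Property $props
    if ($u.OnPremisesSyncEnabled) {
        throw "$($u.UserPrincipalName) is already synced; fix the on-prem UPN and let the next sync cycle apply it"
    }
    Update-MgUser -UserId $CloudUserId -OnPremisesImmutableId $Anchor
}

$r = Test-SyncMatch -SamAccountName 'jdoe' -ExpectedUpn 'jdoe@company.com'
$r | Format-List
# Only when the verdict says the intended account has no anchor:
# Set-HardMatch -CloudUserId (Get-MgUser -UserId 'jdoe@company.com').Id -Anchor $r.Anchor
```

Once the duplicate exists, the anchor is already bound to it and a hard match on the original account is refused; at that point the poster's sequence (delete the duplicate, correct the on-prem UPN, sync) is the supported path, so the value of the check is in running it before the first sync of a new user.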
Azure AD PowerShell v2 cmdlets not working, e.g. Get-AzureADPolicy

Sorry if I posted this twice; to me it seems that the first post did not succeed. Installed PowerShellGet using the MSI. Installed the Azure AD PowerShell v2 GA module using Install-Module AzureAD. Connected and authenticated to our Azure AD tenant successfully using Connect-AzureAD as can be seen below.

    PS C:\Users\Administrator> connect-azuread

    Account             Environment TenantId                TenantDomain           AccountType
    -------             ----------- --------                ------------           -----------
    xxxxxxx@xxxxxxxx.nl AzureCloud  xxxxxxxx-0599-4cd4-8... xxxxxxxx.onmicrosof... User

But when running Get-AzureADPolicy I get the error that this cmdlet is not available, as can be seen below.

    PS C:\Users\Administrator> Get-AzureADPolicy
    Get-AzureADPolicy : The term 'Get-AzureADPolicy' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + Get-AzureADPolicy
    + ~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Get-AzureADPolicy:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

What am I doing wrong? I urgently need to adjust the token lifetimes.
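Get-AzureADPolicy shipped in the AzureADPreview module rather than the GA AzureAD module, which is why the GA install does not expose it; both modules have since been deprecated in favour of Microsoft Graph, where token lifetime policies are the tokenLifetimePolicies resource. The block below is an added example, not code from the post, showing the same task against Graph. It assumes the Microsoft.Graph PowerShell SDK and a caller holding Policy.ReadWrite.ApplicationConfiguration; the policy name, lifetime and application object ID are hypothetical.

```powershell
# Added example (not from the original post): inspect, create and attach a token lifetime
# policy through Microsoft Graph. Assumes Microsoft.Graph SDK; names and IDs are hypothetical.
Connect-MgGraph -Scopes "Policy.ReadWrite.ApplicationConfiguration","Application.ReadWrite.All"
$base = 'https://graph.microsoft.com/v1.0'

function Get-TokenLifetimePolicies {
    (Invoke-MgGraphRequest -Method GET -Uri "$base/policies/tokenLifetimePolicies").value |
      ForEach-Object {
        [pscustomobject]@{
            Id         = $_.id
            Name       = $_.displayName
            OrgDefault = $_.isOrganizationDefault
            Definition = ($_.definition -join '')   # definition is an array of JSON strings
        }
      }
}

function New-AccessTokenLifetimePolicy {
    param(
        [string] $DisplayName = 'Short access tokens',
        [string] $Lifetime    = '01:00:00',        # allowed range is 10 minutes to 1 day
        [switch] $OrganizationDefault
    )
    # Only access, ID and SAML token lifetimes are configurable here; refresh-token and
    # session lifetimes are controlled through Conditional Access sign-in frequency instead.
    $definition = @{ TokenLifetimePolicy = @{ Version = 1; AccessTokenLifetime = $Lifetime } } | ConvertTo-Json -Compress
    $body = @{
        definition            = @($definition)
        displayName           = $DisplayName
        isOrganizationDefault = [bool]$OrganizationDefault
    } | ConvertTo-Json -Depth 4
    Invoke-MgGraphRequest -Method POST -Uri "$base/policies/tokenLifetimePolicies" -Body $body
}

function Add-PolicyToApplication {
    # Scope the policy to one app registration (by object ID) instead of making it the tenant default.
    param([Parameter(Mandatory)][string] $AppObjectId, [Parameter(Mandatory)][string] $PolicyId)
    $ref = @{ '@odata.id' = "$base/policies/tokenLifetimePolicies/$PolicyId" } | ConvertTo-Json
    Invoke-MgGraphRequest -Method POST -Uri "$base/applications/$AppObjectId/tokenLifetimePolicies/`$ref" -Body $ref
}

Get-TokenLifetimePolicies | Format-Table
$policy = New-AccessTokenLifetimePolicy -DisplayName 'Finance app 1h tokens' -Lifetime '01:00:00'
Add-PolicyToApplication -AppObjectId '00000000-0000-0000-0000-000000000000' -PolicyId $policy.id
```

Shortening access tokens only limits how long a stolen token stays usable; it does not revoke tokens already issued, so it belongs alongside Continuous Access Evaluation and sign-in frequency rather than in place of them.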
How to recover or re-add device

Hi, to try and make a long story short, I have 2 devices. Device 1 belonged to me and Device 2 belonged to someone previously. I had taken Device 2 because the specs were better and am giving Device 1 to a new hire. My initial thought was to delete Device 1 and just re-add it to Azure AD under the new owner. After I had done that I came across an extremely simple PowerShell cmdlet that made adding a new owner and removing the old owner very fast and painless. I used this cmdlet to add me as the new owner of Device 2 but had already deleted Device 1. I'm now stuck trying to figure out how to get Device 1 back into AD and change the owner. How can I do this? Thanks
Device Migration from On-prem AD to Azure AD

Hello All, we want to migrate our On-Prem AD devices to Azure AD and enroll into Intune. We have Azure AD sync and all but need to convert machines to Azure AD join only, not Hybrid AD. So we would like to create a new user profile on the machine. We have used two methods so far.

1) Reset the machine and use join to Azure AD from OOBE. (Issue: this will make the user an Administrator for that machine and we don't want that.)
2) Unbind from on-prem AD, join to Azure AD manually, but the same issue as number 1.
3) Using Hardware Hash, register devices to Autopilot and then reset all the machines. (Issue: this will take too long to migrate 250 machines and helping remote workers is quite difficult.)

Has anyone tried any different method or is there any expert suggestion? Thanks!
Skip multi-factor authentication IP whitelist

Hello, we are currently testing out Azure MFA, but want to skip requests when the user is on our corporate network. I have the "Skip multi-factor authentication for requests from following range of IP address subnets", but notice it has a limit of 50 subnets. Well, we have more than 50 subnets at multiple locations. We do not have ADFS in our environment and use password sync via ADConnect. I also have modern authentication enabled for Exchange Online. I've been searching, but could not really find a definitive answer on how we could go about skipping MFA requests when users are on our corporate network. Any help or guidance would be appreciated.
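The 50-subnet cap belongs to the legacy per-user MFA "trusted IPs" setting. Conditional Access named locations are the replacement: an IP named location holds a list of CIDR ranges, can be flagged as trusted, and a policy can then exclude it from the MFA requirement. Two things matter when building one: the ranges must be the public egress addresses Entra actually sees (RFC 1918 internal subnets never match a cloud sign-in), and each CIDR must be a valid network address or the API rejects the whole request. The block below is an added example, not code from the post; it assumes the Microsoft.Graph PowerShell SDK and Policy.ReadWrite.ConditionalAccess, and the CIDR list is constructed for the example.

```powershell
# Added example (not from the original post): build a trusted IP named location from a list of
# corporate egress CIDRs, validating each one first. Assumes Microsoft.Graph SDK; the CIDR
# list and location name are constructed for the example.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"
$base = 'https://graph.microsoft.com/v1.0'

function Test-Ipv4Cidr {
    # True only for a well-formed IPv4 CIDR whose host bits are zero (e.g. 203.0.113.0/24, not 203.0.113.5/24).
    param([Parameter(Mandatory)][string] $Cidr)
    if ($Cidr -notmatch '^(\d{1,3}(\.\d{1,3}){3})/(\d{1,2})$') { return $false }
    $prefix = [int]$Matches[3]
    if ($prefix -gt 32) { return $false }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Matches[1], [ref]$ip)) { return $false }
    $bytes = $ip.GetAddressBytes(); [Array]::Reverse($bytes)      # network order -> little-endian for BitConverter
    $addr  = [BitConverter]::ToUInt32($bytes, 0)
    $hostMask = [uint32]((1UL -shl (32 - $prefix)) - 1)
    return (($addr -band $hostMask) -eq 0)
}

function Test-IsPrivateRange {
    # Private space cannot be a sign-in source address as seen by Entra; flag it instead of silently accepting it.
    param([Parameter(Mandatory)][string] $Cidr)
    return $Cidr -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
}

function New-TrustedNamedLocation {
    param([Parameter(Mandatory)][string] $DisplayName, [Parameter(Mandatory)][string[]] $Cidrs)
    $bad = $Cidrs | Where-Object { -not (Test-Ipv4Cidr $_) }
    if ($bad) { throw "Invalid CIDR(s): $($bad -join ', ')" }
    $private = $Cidrs | Where-Object { Test-IsPrivateRange $_ }
    if ($private) { Write-Warning "Private ranges will never match a cloud sign-in: $($private -join ', ')" }

    $body = @{
        '@odata.type' = '#microsoft.graph.ipNamedLocation'
        displayName   = $DisplayName
        isTrusted     = $true        # lets the policy treat these addresses as a trusted location
        ipRanges      = @($Cidrs | ForEach-Object { @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $_ } })
    } | ConvertTo-Json -Depth 5
    Invoke-MgGraphRequest -Method POST -Uri "$base/identity/conditionalAccess/namedLocations" -Body $body
}

# Constructed sample: documentation ranges standing in for real office egress addresses.
$corporateEgress = @('203.0.113.0/24', '198.51.100.0/25', '198.51.100.128/26', '192.0.2.0/24')
$loc = New-TrustedNamedLocation -DisplayName 'Corporate egress' -Cidrs $corporateEgress
"Created named location $($loc.id) with $($loc.ipRanges.Count) ranges"
```

With the location in place, the Conditional Access policy that requires MFA gets this location in its "Exclude" locations. Keep the list honest: every range added here is a range from which password-only sign-in is accepted, so a guest Wi-Fi segment that shares the office NAT address undermines the exclusion.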
Did I accidentally provision Apple Internet Accounts with my own Azure AD user account

I was adding my O365 email account to my iPhone (Exchange ActiveSync) when I was prompted with the request below. I blindly tapped Accept (yes, I really should have read the fine print) and realised I probably should have lingered there a bit longer. Sure enough, in the Azure AD user audit log is an Add app role assignment grant to user event, followed by the following events from Apple Internet Accounts:

- Add app role assignment grant to user (my account now a member of Exchange Admin, Helpdesk admin, Service Support and a few others)
- A Remove app role assignment from user event (not sure which one)
- Add a deletion-marked app role assignment grant to user as part of link removal

I'm not even sure I want to provision Apple Internet Accounts in my tenant and certainly not with any of its services tied to my current account, which was set up for me as global admin. (I am converting it to a regular account and setting up a separate admin account; see my other post on this matter: O365 / Azure AD - two accounts for admins v. PIM). Can I remove my user account from all those admin roles? Do I want to use Apple Internet Accounts even? I would think not, as we don't provision devices (BYOD). Can I unprovision Apple Internet Accounts for now? Can they make that sign-in page look less like a phishing attempt, lol?
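The audit events the post quotes are app role assignments: records that tie the user to roles exposed by the "Apple Internet Accounts" service principal, which is a different object from Entra directory roles such as Exchange Administrator. Untangling the two, and removing what the consent prompt granted, is a routine check after an unintended "Accept". The block below is an added example, not code from the post. It assumes the Microsoft.Graph PowerShell SDK with AppRoleAssignment.ReadWrite.All, Application.Read.All and Directory.Read.All; the user name is hypothetical and the app display name is taken from the post.

```powershell
# Added example (not from the original post): list, resolve and remove a user's app role
# assignments for one application, and show the user's real directory roles alongside.
# Assumes Microsoft.Graph SDK; me@contoso.com is hypothetical.
Connect-MgGraph -Scopes "AppRoleAssignment.ReadWrite.All","Application.Read.All","Directory.Read.All"

function Get-UserAppRoleReport {
    param([Parameter(Mandatory)][string] $UserPrincipalName, [string] $AppNameFilter = '*')
    $spCache = @{}   # one service principal lookup per resource, however many roles it granted
    Get-MgUserAppRoleAssignment -UserId $UserPrincipalName -All |
      Where-Object { $_.ResourceDisplayName -like $AppNameFilter } |
      ForEach-Object {
        if (-not $spCache.ContainsKey($_.ResourceId)) {
            $spCache[$_.ResourceId] = Get-MgServicePrincipal -ServicePrincipalId $_.ResourceId -Property AppRoles,DisplayName,AppId
        }
        $role = $spCache[$_.ResourceId].AppRoles | Where-Object Id -eq $_.AppRoleId
        [pscustomobject]@{
            AssignmentId = $_.Id
            App          = $_.ResourceDisplayName
            AppId        = $spCache[$_.ResourceId].AppId
            Role         = if ($role) { $role.DisplayName } else { '(default access, no specific role)' }
            RoleValue    = $role.Value
            Assigned     = $_.CreatedDateTime
        }
      }
}

function Get-UserDirectoryRoles {
    # Directory roles (Global Administrator, Exchange Administrator, ...) live in memberOf, not in app role assignments.
    param([Parameter(Mandatory)][string] $UserPrincipalName)
    Get-MgUserMemberOf -UserId $UserPrincipalName -All |
      Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
      ForEach-Object { $_.AdditionalProperties['displayName'] }
}

function Get-AppDelegatedGrants {
    # Delegated permissions consented to the same app (what the consent screen listed) are a third, separate object.
    param([Parameter(Mandatory)][string] $AppDisplayName)
    $sp = Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'"
    foreach ($s in $sp) {
        Get-MgOauth2PermissionGrant -Filter "clientId eq '$($s.Id)'" -All |
          ForEach-Object { [pscustomobject]@{ App = $s.DisplayName; GrantId = $_.Id; ConsentType = $_.ConsentType; Scope = $_.Scope; PrincipalId = $_.PrincipalId } }
    }
}

function Remove-UserAppRoles {
    param([Parameter(Mandatory)][string] $UserPrincipalName, [Parameter(Mandatory)][string] $AppNameFilter, [switch] $Apply)
    Get-UserAppRoleReport -UserPrincipalName $UserPrincipalName -AppNameFilter $AppNameFilter | ForEach-Object {
        Write-Host "$(if ($Apply) {'Removing'} else {'Would remove'}) '$($_.Role)' on $($_.App) (assignment $($_.AssignmentId))"
        if ($Apply) { Remove-MgUserAppRoleAssignment -UserId $UserPrincipalName -AppRoleAssignmentId $_.AssignmentId }
    }
}

$me = 'me@contoso.com'
Get-UserAppRoleReport -UserPrincipalName $me -AppNameFilter 'Apple Internet Accounts*' | Format-Table -AutoSize
Get-UserDirectoryRoles -UserPrincipalName $me            # the list that actually decides admin power in the tenant
Get-AppDelegatedGrants -AppDisplayName 'Apple Internet Accounts' | Format-Table -AutoSize
Remove-UserAppRoles -UserPrincipalName $me -AppNameFilter 'Apple Internet Accounts*'          # dry run
# Remove-UserAppRoles -UserPrincipalName $me -AppNameFilter 'Apple Internet Accounts*' -Apply  # delete them
```

Removing the app role assignments and the OAuth2 grant is what undoes the consent for this user; to stop the prompt reappearing for anyone, the service principal itself is deleted or its user-assignment requirement enabled, and user consent to unverified apps can be restricted in the tenant's consent settings.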
Migrating On Prem AD to Azure AD and doing away completely with On Prem AD

One of my customers is presently using Azure AD and they are syncing with their On Prem AD using Azure AD Connect. The authentication being used is PHS. Now, they would like to get rid of their On Prem AD completely and would like to know what the implications are in doing so and how users would be affected during the cutover. Since there is no straightforward migration option of On Prem AD to Azure AD completely, what options do I have here? Will it help to set up an IaaS VM in Azure and promote it as a domain controller and sync it with the On Prem Domain Controller? Or we can make use of the Azure AD DS service. Any help on this would be appreciated.
Login with a local user account on Azure AD joined Windows 10 machine

Hi all, I have a spare laptop here that I lend out to staff and visitors (if they need to present, etc.). It's AAD joined, which is okay for staff. But for visitors, I would like to use a local account so they can't access resources, etc. Is it possible to log in with a local user account on an AAD joined Windows 10 machine? Or are there any other suggestions to handle this situation?
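Local accounts keep working on an Entra-joined Windows 10 machine; the sign-in screen just needs the `.\` prefix (or the computer name) so Windows does not try to resolve the name against Entra. The part worth scripting is making sure the visitor account is a standard user and confirming who else holds local Administrators, because the joining user and the tenant's Global Administrators are added to that group at join time. The block below is an added example, not from the post, run in an elevated PowerShell session on the laptop; the account name is hypothetical.

```powershell
# Added example (not from the original post): create a standard-user local account for visitors
# on an Entra-joined laptop and review local Administrators. Run elevated; 'Visitor' is hypothetical.
$name = 'Visitor'
$pw   = Read-Host -AsSecureString "Password for local account $name"

if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $name -Password $pw -FullName 'Visitor' -Description 'Loaner laptop guest' -PasswordNeverExpires
    Add-LocalGroupMember -Group 'Users' -Member $name    # standard user only; never Administrators
}

# Make sure the visitor was not handed local admin, and see who else has it on a joined device.
$admins = Get-LocalGroupMember -Group 'Administrators'
if ($admins.Name -match "\\$name$") { throw "$name must not be a local administrator" }
$admins | Format-Table Name, PrincipalSource, ObjectClass
# Sign in at the lock screen as  .\Visitor  (or COMPUTERNAME\Visitor); there is no tenant token, so no cloud resources.
```

The local account has no Entra identity, so it cannot reach Microsoft 365 or any app behind Conditional Access, which is the isolation the post is after; the PrincipalSource column separates local principals from the AzureAD ones that were placed in Administrators by the join.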
What does disabling an Azure AD device actually do?

In an AAD-only org, with Windows 10 Enterprise computers all Azure AD joined and managed by Intune, exactly what does "disabling" the device via the AAD Portal --> Devices --> Select a device --> Disable do? It seems to have absolutely no impact on our devices' abilities to continue to login to AAD and access Office 365 apps/services, for example. Perhaps I naively assumed that disabling a device actually meant that it would be disabled in the sense that you couldn't login to your org via AAD login, or, even if you were, you wouldn't be able to do anything that required AAD, which in my mind includes Office 365. Am I mistaken? Thanks, Bob
ADSync Module

Hi Guys, I recently installed Azure AD Connect on a lab DC. I cannot, however, find the ADSync PowerShell module that should be installed along with this. I have searched the PowerShell Gallery and online to no avail. Has anyone come across this? Thanks in advance, DC
Recent Blogs
- Explore how new logging updates in Microsoft Entra bring agent visibility and enriched logs for deeper, more actionable sign-in insights. (Sep 22, 2025)
- While System for Cross-domain Identity Management (SCIM) is the best foundation for agent identity provisioning, key enhancements are needed, says Alex Simons, Corporate Vice President of Identity an... (Sep 16, 2025)