Latest Discussions
Dynamic group membership rules stopped working
We've been using the following dynamic membership rule to check if a user is a member of another group: user.memberOf -any (group.objectId -in ['2b930be6-f46a-4a70-b1b5-3e4e0c483fbf']) The group is an Active Directory group that is represented in Entra with the stated Entra group object Id. The validation fails for every user and looks like this: It seems that all our dynamic groups are affected and stopped working. Have you seen this before? Thanks.
116 Views · 0 likes · 3 Comments

Exception in conditional access policy for "Windows app - macOS"
Hi, I'm trying to restrict all Enterprise resources to Cloud-PC's only and therefore have a CAP in place that restricts access to all apps to cloud-pc's only. Naturally I have to provide an exception for the Remote desktop app so that end users can connect from their private endpoints to the cloud-PC. Here's the problem though. While I can find an exception for the Windows Remote Desktop app this exception doesn't apply to macOS and when looking at the sign-in logs the policy locks out "Windows App - macOS" with the app-id 63896e48-3d27-4ce2-9968-610b4af62c5d. Neither "Windows App - macOS" nor 63896e48-3d27-4ce2-9968-610b4af62c5d is findable in the application list for CAP exceptions. Is there a workaround or will this be made available? Maxim
maxim6300 · Nov 04, 2024 · Occasional Reader · 126 Views · 1 like · 2 Comments

Report conditional access policies and sign in logs
I would like to create a PowerShell report about the relation between sign in logs and the conditional access policies. For me it is important to see the effects of the conditional access policies (in reporting mode) on the user signs. Thank you for your support
StefanKi · Nov 01, 2024 · Iron Contributor · 196 Views · 0 likes · 3 Comments

OTP Code via SMS from non microsoft number
Hi Microsoft Team, Good day! For a few weeks now, many people around me have been receiving their OTP code for MFA via SMS often from unknown senders (non-Microsoft phone number). The sender of the SMS doesn't use an official Microsoft phone number and "Microsoft" is not displayed as the sender. I would like to request assistance on how to verify that these numbers are legitimately from Microsoft. 41 79 998 76 61 and 4915758307532. Many thanks for your help. Kind regards, Rosine
Rosine_LEROY · Nov 01, 2024 · Copper Contributor · 280 Views · 0 likes · 3 Comments

New role recommendation: Read Only Exchange Admin
To fully leverage PIM, we are transitioning to Entra roles wherever possible. We wish we could get off of customized Exchange RBAC roles, but the Exchange Recipient Admin role lacks access to information like mail flow rules, which is essential for troubleshooting mail delivery issues. We would appreciate the introduction of a read-only role that allows viewing all information in Exchange without the ability to make changes.
Kristin_L_365 · Nov 01, 2024 · Copper Contributor · 141 Views · 0 likes · 3 Comments

Members of a privileged access group can't validate dynamic group membership
Hi All, Does anyone know when this ability will be rolled out to members of a PAG with the group administrator role? Currently we are rolling out a PIM implementation using access packages to control PIM roles using privileged access groups using the least privileged model. Although this has worked well so far, we have an issue with admins who have the group administrator role via a PAG not being able to validate a dynamic group membership role. I know this feature is currently in preview, but was wondering if this is on Microsoft's roadmap to resolve it before the preview is completed? As our admins use this feature a lot, we are currently having to assign this role as eligible to a user via PIM, which defeats the object of using the entitlement management access packages controlled via PAG's. Rgds Lee
ilmaestro7 · Oct 31, 2024 · Copper Contributor · 105 Views · 0 likes · 0 Comments

Enable MFA for external identities in MS Entra
Hi all, I am planning to enable MFA for guest accounts and external identities using Conditional Access in MS Entra. I am however wondering how I can select what Authentication methods can they use - or what would be the default behaviour. Currently, I am still using legacy MFA for internal users. I will migrate MFA to MS Entra later this year however, not sure how this is working when enabling MFA for external users. As I do use legacy MFA, my setting in "Authentication methods > Policies" have MS Authenticator set to NO. Now, do I need to switch MS Authenticator to YES if I want guests to use that app? And if I enable it, how do I assign it to External identities only? I do not see that kind of option there at all... I can assign it to all, for example, but I am not yet ready to migrate internal users as well... Would be happy to get some clarification on this. Thank you
sumo83 · Oct 30, 2024 · Iron Contributor · 188 Views · 0 likes · 3 Comments

License for Multi Tenant Setup
Scenario: User R is part of Tenant A and has an M365 License. Tenant A & B are cross sync. Whether User R would need M365 license from Tenant B to operate on files stored in Tenant B?
Scenario: User M is the external guest to Tenant B. Whether User M would need M365 license from Tenant B to operate on files stored in Tenant B?
rr_mstechnology · Oct 30, 2024 · Copper Contributor · 228 Views · 0 likes · 5 Comments

New Blog | Manage Microsoft Entra ID role assignments with Microsoft Entra ID Governance
By Joseph Dadzie
I’m excited to announce that we now support Microsoft Entra role assignments in Microsoft Entra ID Governance's Entitlement Management feature! To ensure least privilege, many of you are using Privileged Identity Management to provide IT administrators just-in-time (JIT) access to the least privileged role assigned. This approach allows you to minimize the attack surface in your organization by reducing the number of permissions IT administrators have. However, some admins in your organization may require long-standing permissions coupled with other resources, like specific applications.
Read the full post here: Manage Microsoft Entra ID role assignments with Microsoft Entra ID Governance
161 Views · 1 like · 0 Comments

New Blog | Meet Microsoft Entra at Ignite 2024: November 18-22
By Irina Nechaeva
Microsoft Ignite is just around the corner, taking place from Monday, November 18, 2024 through Friday, November 22, 2024, in Chicago, Illinois and digitally. This event is the ultimate gathering for IT and Security professionals, developers, and business leaders from every corner of the world. During Ignite, dive into the latest AI innovations for AI transformation to learn from the brightest minds in the industry. Plus, discover solutions to help modernize and manage intelligent apps, protect your data, supercharge productivity, and expand your services. You’ll also have endless opportunities to network with partners and grow your community or business. While in-person passes are sold out, you can still register to participate online.
This year, we're thrilled about our sessions on Microsoft Entra. These breakouts are your all-access pass to not only hear about the cutting-edge advancements in identity and access management (IAM), but also to engage with Microsoft Entra experts and team members behind these innovations. Whether you're curious about advancing your Zero Trust architecture with identity and network, delving into the latest advancements in generative AI for securing access, or exploring our unified approach to identity and network access controls, we've got you covered!
Read the full post here: Meet Microsoft Entra at Ignite 2024: November 18-22
136 Views · 0 likes · 0 Comments