Azure Active Directory

310 Conversations

Scenario:

We have an on-prem ADFS which is configured to federate with a couple of partner organizations. The federated authentication with both our partners works well on-prem. Now we want to use this ADFS as the authentication mechanism for Office 365.

 

Ques

...
373 Views
8 Replies

Hi,

 

I would sync your users to Azure AD and simply invite your partners' users to SharePoint sites. If done so, the answers are as follows:

  1. No, you do not need to sync the
...

Easiest implementation would be your partners also sync their users to Azure AD.  Then you can invite them as a guest to your tenant and then they will be available to ad

...
hi,

1/ In SharePoint, you can add an external user; the users of the partner organisation do not need to be synced to let them access. But it is just for sharing documents.

2/ if you use the 1 ...

@Atul Moghe Did you get any solution for this scenario?

Hi Atul,

 

You should not use your ADFS to authenticate partner users because you will need to validate their domain on your Office 365 as an accepted and validated domain.


Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users.

274 Views
3 Replies

No. Use the report in the O365 admin center -> Reports -> Usage -> Active users.

Best Response confirmed by Jakob Rohde (Contributor)

Hi there,

 

we are planning to move (nearly) all of our services to the cloud. We have an on-prem Exchange 2010 and Windows Fileserver.
We plan to use O365 Exchange.

The only problem is that we need an on-prem fileserver because we are working with big files at

...
619 Views
2 Replies

Hi Julian - was curious if you ever figured this out.

 

I've seen that you can set up a file server on QNAPs with virtualization station. Would it be possible to join thi

...
You could, but the challenge would be that you then have two systems to authenticate to - O365/AAD services and then the NAS as it would probably be using local authentic...

Is it possible to use the Google Authenticator iOS app with Office 365 MFA instead of the Microsoft Authenticator app?

 

I tried adding to Google Authenticator with both QR code and manually but got failures each time.

811 Views
3 Replies

No, as it only supports Google's MFA, afaik.

We're excited to announce that the general availability rollout of the new Azure AD sign-in and “Keep me signed in” experiences has started! These experiences should reach all users globally by the end of the week. Users who go to our sign-in page will st

...
695 Views
30 Replies

Hi, 

Many of our users have set a site, library or folder as favorites in File Explorer which connects through webdav(?) to SharePoint. As we are using SSO, users don't g

...

Hi,

while I do see some benefit on the KMSI feature for regular users, I would prefer to have privileged admin accounts be prompted for MFA Login in their browser profile

...

We are using Power BI with a Web app and this web app is embedded reports in Salesforce.  As soon as this was implemented, we started getting these dialog boxes, so the r

...

Okay, but what if that is entirely undesirable behavior in half of your use cases?  When my users are on their personal computers, this is a good thing.  When they are us

...

Hi, we are using a federated domain with local ADFS. Before this change, single sign-on worked without any questions when we are logged into the local domain.

 

Now, after t

...

 

Hi All,

I need some help here..!!

I'm looking for a way to grant access to Azure AD reports (Suspicious logons, Logins from Risky IPs, etc.) under the Office 365 admin console to members from security/compliance teams.

 

To be precise, I'm trying to give access

...
90 Views
7 Replies

Try assigning the newly introduced "Reports reader" role. If that doesn't work, you can also try assigning the "ViewOnlyAuditLogs" role in the Exchange Admin Center (yes,

...

Hi,

 

We have recently enforced Exchange Online (EXO) Conditional Access for Outlook 2016 clients on Windows machines (that use Modern Authentication) to allow access only to Azure AD Joined devices.

 

After this change, a few users have reported issues in c

...
767 Views
5 Replies

You probably have stored credentials under Cred manager that Outlook reuses. Try removing them, see what happens.

Today we’re announcing a feature that should make your users’ lives much easier. With the new Windows 10 Fall Creators update, users with Azure AD-joined (AADJ) devices can now see a “Reset password” link on their lock screen to reset their passwords.

 

 

...
143 Views
0 Reply

So here is a dilemma we are currently in. We are in the process of rolling out MFA to our user base and have close to 60 locations, all with different egress IPs. We want to bypass MFA when the user is connected to the corporate network, but the problem

...
284 Views
7 Replies

Hi Derek,

 

aren't you able to use "Supernetting" (combining multiple networks into a larger network, which is only a representation but does not reflect the physical netwo

...

If you have EMS licenses you could do device-based MFA bypass instead of network-based. The idea is that all networks are treated as hostile these days, there is no inter

...

I assume you're talking about Azure MFA? Then you are indeed a bit limited although the limit has been discussed a lot lately, so I expect Microsoft to address this in th

...

We were a bit surprised to find out that a regular user can see the list of all devices using portal.azure.com 

 

They can see the name and owner of the device, the OS version, when it was activated. Most actions are greyed out, but Disable and Remove aren'

...
42 Views
1 Reply
Have you checked out the option to restrict access to the portal for non-admin users? In Azure AD User Settings you will find the setting for “Restrict access to the Azur...
Best Response confirmed by bart vermeersch (Regular Contributor)

How can I configure CompanyMultiNationalEnabled for my AAD? When I want to set it up with Set-MsolCompanyMultiNationalEnabled, it gives me an error.

 

Thanks

Stefan

108 Views
5 Replies

You need the 1.1.166.0 version of the MSOnline module: http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185

 

And, this is still in Preview

...
What error are you getting?

Does the ‘Domain Join’ checkbox in Azure AD Conditional Access require Azure AD Domain join, or does it mean on-premises Domain Join? The attached screen shot says ‘Not Azure AD Domain Join’ but the documentation shown in the screen shot seems to contradi

...
589 Views
10 Replies

I think they have finally updated the Grant control in the conditional access policy to make it clearer. The desired conditional access policy will only work if the devic

...
Correct, that would be on-prem AD domain-join.
Why it's confusing is because it's possible to have on-prem AD domain-joined PCs automatically register and enroll with Azur...
Best Response confirmed by Joe Stocker (Contributor)

Hi all, I've a question about setting up Azure AD Connect and maintenance of Exchange Online.

We're an MSP with a lot of customers running an on-prem AD and using Exchange Online (Office365 bundles) for their e-mail.

For the convenience of the end-users we w

...
92 Views
4 Replies
Thanks all. This is also a problem for us as an MSP because we now have to maintain an extra server with its complexity. But we will be patient!

If all you want is password synchronization you can look at deploying the Windows Server Essentials role (not the server edition, just the server role) and connect on-pre

...
Best Response confirmed by Joris van der Sligte (New Contributor)

It's a very common ask, but unfortunately there's no other way. At least for the time being, if you want to manage/sync password from your AD, you have to do the manageme

...

Device-based conditional access is one of the hottest features in Azure AD and is growing at a rapid pace.

 

Today, we're excited to announce the general availability of a set of capabilities for device- and app-based conditional access that many of you h

...
219 Views
0 Reply

If you follow the blog, you know that Microsoft supports a wide array of options for connecting an on-premises directory or IAM solution to Azure AD. In fact no one in the industry gives customers as many options as we do.

 

So it’s not surprising that on

...
404 Views
2 Replies

Over 7% use legacy sync tools.

 

Suggestion: Those customers should receive an email to the Tenant Admins to Upgrade to AD Connect.

More like an advertisement for Ping... :)

Hi

 

Let's say I have setup following settings.

 

Azure AD - Users and groups - Device settings
Maximum number of devices per user: 5

 

Azure Intune - Device enrollment restrictions - Allusers - Device limit

Specify the maximum number of devices a user can enroll

...
101 Views
2 Replies
Hi,
Try going to the old Azure portal (https://manage.windowsazure.com)
select Active directory
select your domain
select configure
Find 'Maximum number of devices per user'


What I am trying to accomplish is removing Skype from a user. I have removed Skype license directly from the user, but I have Inheriting licenses from a group that includes Skype. It appears that the Inheriting licenses from a group is overwriting anythin

...
60 Views
2 Replies

If you have different requirements then you'll need to have different groups set up to handle the license assignments. There's two ways you could do this:

 

1) Have one gro

...

No, it's detailed in the documentation:

 

When a user inherits a license from a group, you can't directly remove or modify that license assignment in the user's properties.
...
Best Response confirmed by Colton Lacy (New Contributor)

Hi, I have just deployed a couple of Server 2016 boxes connected to Azure AD to test some DFS configurations.

 

It appears that DFS-N (AD integrated) and DFS-R both require permissions in AD that are not provided by Azure AD.

 

Anybody know if this is docume

...
36 Views
0 Reply

A common request we get from our customers is to reduce the number of times users are prompted to sign into Azure AD. One way to reduce the frequency of prompts is to check the “Keep me signed in” checkbox on the sign-in flow, but our telemetry shows that

...
1,184 Views
11 Replies

Is there a way to force my tenant to the new login experience? If not what is the current timeframe for when this will be rolled out?

 

Thanks

Sean

Can I enable/disable this preview from OWA? I believe that I did not allow it first time I was presented with the option - and have not been prompted again.
BTW... Users h...

 

Something that is not clear to me is how this interacts with ADFS?

 

Does it make a difference if you tick the checkbox before one is redirected to the internal ADFS log

...

and you thought replacing a simple checkbox with an extra annoying pop up dialog box is good because of what again?! people want to move away from sign in page as quickly

...

I need to get a list of all cloud only accounts (onmicrosoft.com).  I can see in Azure AD User Reports the Source field will help narrow this down for me as we sync our on-prem AD to the cloud, so those have a Source of 'Windows Server AD' and the cloud a

...
61 Views
2 Replies

If you're using the newer AzureAD module:

 

Get-AzureADUser | Where {$_.DirSyncEnabled -ne $true}

Interestingly, the values appear to be either "True" or "null", not "False".

...

You can use something like this:

 

 Get-MsolUser | ? {-not $_.LastDirSyncTime}

Hi,

A bit of an interesting use case here, we're looking at leveraging an Azure B2C directory as another claims provider in ADFS 2016 to access a federated parties resources over a federation trust setup with their ADFS system.

 

I've been checking on resour

...
50 Views
3 Replies

Are you setting SharePoint or a general web app as the relying party?

 

I am interested in your use case with Azure AD B2C. I tried with Azure AD with ADFS 2016 again

...

ADFS 4.0 only has OpenID Connect downstream not upstream so this can't be done natively.

 

You can use a bridge e.g. idsrv or Auth0.

 

Just FYI: With the new custom policies

...

Greetings all. I’m working with a client that had an existing forest synced to O365 without issue. The client has a compliance mandate that required creating a separate forest and creating certain existing users in the new completely separate domain. Thes

...
78 Views
2 Replies

If I've understood correctly, I very much doubt this is supported; from an IDM perspective user v account is a 1:1 relationship.

This looks awesome - simplify licence management for Office 365, EMS, Dynamics 365 and more with the new group-based licensing preview in Azure AD:

 

Microsoft cloud services such as Office 365, Enterprise Mobility + Security, Dynamics CRM, and other simila

...
2,733 Views
30 Replies

Hello, 

as I understand it is still in public preview. So my question, do you have a timeline when group-based license management will be GA? And how quick will it be avai

...
 

Is it also possible to get an export from for example all the users with the E3 license?

So I have set up a few AD groups that we will use to apply the licenses.

I have also set up a PowerShell script that will clear membership of those groups and refre...

Greetings all,

My question is specifically in regards to end user licensing in the Education Sector, which is needed to use Azure AD Group Based Licensing.

 

Going by Source

...

So this is super exciting, tested it out, works amazingly.

Two questions:

(1) Even though it is considered "public preview", any reason that we should not consider taking a

...

I have an enterprise with thousands of users with EMS E3 licenses. The finance department is a critical space, and they have 500 people working in that department.

 

They want to purchase EMS E5 license and assign them to those 500 critical users, to take

...
240 Views
3 Replies

Hi,

Regarding my experience, it should work with a Conditional Access policy, targeting the policy to a group which contains the users who have an EMS E5 license.

 

Risk based signing was

...

Hi,

 

We are trying to configure Azure Active Directory integration with SuccessFactors using this Tutorial:

 

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-successfactors-tutorial

 

But after we have done all the steps we are ge

...
55 Views
0 Reply