Forum Widgets
Latest Discussions
AD B2C - Custom Policies - Evaluate custom extension
Hi! I am using Custom Policies for our AD B2C Application. I want to use this custom extension on my users: AlwaysMFA: boolean The extension is set on some users, but not all. I have a trouble of writing the logic since the profile keeps executing even for users what does not have the attribute at all. This is the logic: <OrchestrationStep Order="10" Type="ClaimsExchange"> <Preconditions> <Precondition Type="ClaimEquals" ExecuteActionsIf="false"> <Value>extension_AlwaysMFA</Value> <Value>True</Value> <Action>SkipThisOrchestrationStep</Action> </Precondition> </Preconditions> <ClaimsExchanges> <ClaimsExchange Id="PhoneFactor-Verify-Blacklisted" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" /> </ClaimsExchanges> </OrchestrationStep> How should I write it to handle both the true, false and "notset"? The documentation does not say anything about this.
How to solve issue: Incorrect worker runtime specified for function app (AZFD0013)?
Hi, (I apologize if this post is placed incorrectly within the community.) we've used appStart/Stop VMs during off hours - V2 (GitHub - microsoft/startstopv2-deployments) (Start/Stop VMs during off hours - V2 - Microsoft Azure) It worked without any issues, but 8.10we received the notification described in the article: AZFD0013: The configured runtime does not match the worker runtime metadata found in the deployed function app artifacts. - Azure Functions | Microsoft Learn. In the notification it was written: We have a new Functions recommendation for startstopvm23dvt65bpvxrmw Incorrect worker runtime specified for function app We've noticed that your function app (**startstopvm23dvt65bpvxrmw**) is configured with the FUNCTIONS_WORKER_RUNTIME setting as "dotnet-isolated", but expected value for the deployed application payload is "dotnet". This is an unoptimized state which limits performance and may impact application reliability. To help detect this, you may now see the AZFD0013 event raised at the Warning level in your logs. This will be raised to Error level in a future update. To ensure your app can run properly, for its current payload, you should set the FUNCTIONS_WORKER_RUNTIME value to "dotnet". You must also update any deployment automations you have, such as templates or CI/CD pipelines, so they specify the correct value as well. Please seehttps://aka.ms/functions-invalid-worker-runtimefor more information. If I understand correctly, our FUNCTIONS_WORKER_RUNTIME is set to "dotnet-isolated", and we should reset it to "dotnet" But in the GitHub documentation I found: August 19, 2024Start/Stop v2 has been migrated to the.NET 8 isolated worker model. https://github.com/microsoft/startstopv2-deployments?tab=readme-ov-file#upcoming-or-recent-updates-to-startstop-v2 When I checked the application settings in Azure, I also get this notification. When I look in the configuration, there it is set as it is written in GitHub -I assume this setting is correct When I look in the environment variables, and look for FUNCTIONS_WORKER_RUNTIME. So there is dotnet-isolated. But I don't know if by changing this variable, something will not work on dotnet, when the configuration is also set to .NET 8 Isolated? Can anyone advise me on how to proceed to eliminate this problem? Thanks for all the tips, tricks and advice Tom
Failed Testing Connection to ECMA Application
I've been trying to follow this guide: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/on-premises-sql-connector-configurein order to test provisioning users to an SQL-based server, I've been using the ECMA connector host for this case and an ECMA enterprise application on Entra. I have an SQL Server set up on my virtual machine running Windows Server 2022 and followed all steps up to test credentials successfully. Whenever I test credentials, it tells me my credentials are wrong on entra, even though I've ensured they aren't. I've restarted the provisioning service multiple times and recreated connectors to try to resolve this issue to no avail, please help!
Admin Consent for App but can't find it in Azure
Hi All I received an email notifying to grant or deny access to an application When I click on review request it takes me to entra admin center but under "admin Consent Request" nothing is listed. I also checked enterprise applications and its not listed there too. How do I grant this application access?
Multitenant SaaS, Enterprise Application and SCIM
Hi there, We are developing a multitenant SaaS application. The developers have produced a SCIM endpoint and we are now deploying it in our evaluation environment. The application is installed and an App Registration has been created in TenantA. We have then created the Enterprise Application in Tenants B&C using the powershell command New-AzureADServicePrincipal - but the option for SCIM is not available within the Enterprise Applications blade in each tenant. If I create an application in Enterprise Applications manually in tenants B&C, SCIM option is available, but the Enterprise Application is not tied to the App Registration in Tenant A. We are not in a position to add our application to the gallery yet (although it looks like submissions are closed to this as well). How do we get our application consumed in Tenants B&C, including allowing the creation of the SCIM configuration?? many thanks, Ian
Filtering messages based on reason code
Hi All, I have a scenario where close to 2 million Messages have to be read from MQ into ADLS via Logic Apps. I have used MQ Connector to read the messages and upload to blob, but this seems to be very slow inspite of scaling up the Logic APPS. I have tried to have parallel thread to handle this in the workflow but there seems to some issue with the parallel thread. is there a way to filter out the messages based on reason code so that i can read only if the messages exists.Microsoft Entra ID App not accessible to other organisations
Hi all, I have an external PHP-based application that allows users to send emails via the Microsoft Graph API instead of SMTP which will be deprecated soon. For this, I registered an application underEntra Appregistrations with delegated permission scopes Mail.Send and offline_access. The app is configured to allow all types of Microsoft accounts, and during testing with personal and internal company Microsoft accounts, everything works perfectly. I'm using the authorization code flow for authentication: The user logs in. The user consents to the required permissions (prompt=consent). The user is redirected back to the application with an access and refresh token. However, when a user with a external company (organizational) account tries to authorize the app, they encounter the following error after logging in: AADSTS650053: The application 'My App Name' requested scope 'offline_access, Mail.Send' which doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor. I’ve tried various configurations but haven’t been able to resolve the issue. My question is: does the external company tenant require any specific configuration, or am I missing something on my end? How can I get this working for organizational accounts if it's already functioning for personal Microsoft accounts? Any help or suggestions would be greatly appreciated. Best regards, Ricardas KauneckasappData has randomly disappeared and crashing app
Very weird issue. We store local cache for EF model in Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) Been doing this for years. We restarted the app this afternoon, and it suddenly crashed just on restart without any code changes. In debugging I found that this code is now returning an empty string, so the path to save is invalid. Why did this path suddenly cease to exist, and why on a restart without any actual code deployment? Is there some documented change to Azure App Services that would explain how to properly retrieve AppData path?
Getting error message "Invoking Azure function failed with HttpStatusCode - Unauthorized"
I have a synapse pipeline which contains a single component, an azure function activity component. The objective is to send a test JSON payload to a private endpoint using POST call. The azure function activity is configured to use the POST method and an azure function linked service has also been specified in the activity. We have a function app in premium plan, the linked service is pointing to the function app. Inside the function app, we have function which contains the main python code that makes the request. Function app stack is python and the function created inside is an HTTP trigger using V2 programming model and the authorization level selected is Function. When I debug the pipeline I am getting the error messageInvoking Azure function failed with HttpStatusCode - Unauthorized. Please support in resolving this. Thanks
