User Profile
starbuck3k
Brass Contributor
Joined 4 years ago
Recent Discussions
Conditional access for Microsoft 365 admin centers
A client would like to enforce sign-in frequency and trusted location for access to any of its Microsoft 365 admin centers (e.g., SharePoint AC, Teams AC, Exchange AC, Security AC, Compliance AC, etc.). Is there any way to enforce these restrictions through conditional access policies and without specifying "All cloud apps"?
1.1K Views, 0 likes, 1 Comment
In conditional access, what is included in "Microsoft Azure Management"?
Microsoft recommends creating a policy that requires MFA when accessing the Azure administration portal (link). For this to work, the cloud app "Microsoft Azure Management" must be specified in the included scope. However, the documentation does not give any indication on whether or not the various Microsoft 365 administration centers (e.g., SharePoint admin center, Exchange Admin Center, Teams Admin Center, Security center, Compliance center, etc.) would be impacted by this. Should additional rules be created for Microsoft 365 administrative centers or should they be considered "Microsoft Azure Management"? If anyone has a Microsoft documented source on this that would be immensely appreciated.
Solved, 9.6K Views, 0 likes, 2 Comments
AAD shows source of the Directory Synchronization Service Account as "Windows Server AD". Why?
TLDR: Why does Azure AD show the "directory synchronization service account" created during the installation of Azure AD Connect with a source set to "Windows Server AD"?
In Azure AD, when I browse the synchronization account created during the installation of Azure AD Connect, the account "Source" shows as "Windows Server AD", as shown below:
To reproduce on your tenant:
- From the portal, select the Azure AD module.
- In 'Users', identify the on-prem directory synchronization service account (typically starts with "Sync_"),
- Copy the object identifier
- Return to the 'overview' blade
- In the "Overview" tab, paste the object identifier in the "Search your tenant" input box
- A popup should show the account, click on it
- The profile page of the account should show (p.s. if you know a better way to access this detailed profile page, I am interested 🙂)
- Under "Identity", click "View more", two attributes appear (Directory synced, and Source).
I would have guessed that the synchronization account would show its source set to "Azure Active Directory", but the interface indicates that this account was created in the Windows Server, then synced. As I understood it, Azure AD Connect requests a GA account during installation in order to provision a synchronization account directly into Azure AD. If I am right, why would this account reside in the on-prem server as its "source"? I could not find an explanation to this in the documentation, and I guess I am missing something to fully understand how AAD Connect works. Any help will be greatly appreciated!
1.5K Views, 0 likes, 2 Comments
How to reach admin center from tenant Y when not admin in tenant X?
Hello, I am a regular member in my own organization's tenant (Company X) and I have been given access to another company's MS365 tenant (Company Y) with global reader role to conduct a review. I have no problem accessing the AAD blade in the portal for both Company X (can't see much, which is normal) and Company Y (can see everything, which is normal) and there is the directory switching feature available in the top right corner. However, when entering the admin.microsoft.com page, I am shown the "sign out or switch to an account that has permission" message. It seems that this page only identifies my Company X membership, not my Company Y membership. I have read about the "All tenants" feature to help switching between tenants, but it is located inside the Admin Center, I cannot even reach that page. Any ideas on how I can "tell" the admin center that I want to be seen as a Company Y member and not a Company X member?
8.4K Views, 1 like, 4 Comments