User Profile
starbuck3k
Brass Contributor
Joined Oct 07, 2021
User Widgets
Recent Discussions
Re: Users not receiving 'Comments' notifications on Planner Tasks (Teams)
Hello, We are now getting pressure from senior management asking us to provide and support another platform mainly because they know they will not get notifications if they use Teams Planner for task management. Has anyone seen a change or roadmap item which could let us think that Microsoft is working something about this limitation?9.9KViews1like2CommentsConditional access for Microsoft 365 admin centers
A client would like to enforce sign-in frequency and trusted location for access to any of its Microsoft 365 admin centers (e.g., SharePoint AC, Teams AC, Exchange AC, Security AC, Compliance AC, etc.). Is there any way to enforce these restrictions through conditional access policies and without specifying "All cloud apps"?1.1KViews0likes1CommentRe: In conditional access, what is included in "Microsoft Azure Management"?
Thank you Christian for the link. Based on what I read, Microsoft 365 admin centers are not covered by a conditional access rule that specifies "Microsoft Azure Management" as the cloud app. It seems that access control to these centers it is purely role based and we can assume there is no need to govern their access by any other means than role assignments.9.9KViews0likes0CommentsRe: AAD shows source of the Directory Synchronization Service Account as "Windows Server AD". Why?
VasilMichev: thank you for your reply. I can't, I only have access to my customers' tenants. I noticed the same "source" at two different/independent locations, other tenants show it as a azure AD sourced account.1.5KViews0likes0CommentsIn conditional access, what is included in "Microsoft Azure Management"?
Microsoft recommends creating a policy that requires MFA when accessing the Azure administration portal (https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-azure-management). For this to work, the cloud app "Microsoft Azure Management" must be specified in the included scope. However, the documentation does not give any indication on whether or not the various Microsoft 365 administration centers (e.g., SharePoint admin center, Exchange Admin Center, Teams Admin Center, Security center, Compliance center, etc.) would be impacted by this. Should additional rules be created for Microsoft 365 administrative centers or should they be considered "Microsoft Azure Management"? If anyone has a Microsoft documented source on this that would be immensely appreciated.Solved11KViews0likes2CommentsAAD shows source of the Directory Synchronization Service Account as "Windows Server AD". Why?
TLDR: Why does Azure AD show the "directory synchronization service account" created during the installation of Azure AD Connect with a source set to "Windows Server AD"? In Azure AD, when I browse the synchronization account created during the installation of Azure AD Connect, the account "Source" shows as "Windows Server AD", as shown below: To reproduce on your tenant: - From the portal, select the Azure AD module. - In 'Users', identify the on-prem directory synchronization service account (typically starts with "Sync_"), - Copy the object identifier - Return to the 'overview' blade - In the "Overview" tab, paste the object identifier in the "Search your tenant" input box - A popup should show the account, click on it - The profile page of the account should show (p.s. if you know a better way to access this detailed profile page, I am interested 🙂 - Under "Identity", click "View more", two attributes appear (Directory synced, and Source). I would have guessed that the synchronization account would show its source set to "Azure Active Directory", but the interface indicates that this account was created in the Windows Server, then synced. As I understood it, Azure AD Connect requests a GA account during installation in order to provision a synchronization account directly into Azure AD. If am I right, why would this account reside in the on-prem server as its "source"? I could not find an explanation to this in the documentation, and I guess I am missing something to fully understand how AAD Connect works. Any help will be greatly appreciated!1.6KViews0likes2CommentsRe: Teams call controls on jabra headset not working
Also experiencing the issue: both USB connected speakers and bluetooth headsets regularly stop functioning while using Teams on my work laptop (Windows 10). I cannot reproduce the bug intentionally but it seems to be triggered usually after I end a meeting. The devices work: simply unplugging them and plugging them into my personal computer (Windows 8.1 / USB link) or connecting them with Bluetooth on a smartphone and they work perfectly again. Some time ago I could open an administrator console and enter "net stop windows audio / net start windows audio" and the device would work again. Since a few months, this has stopped working also and I have to reboot my laptop each time. This happening to my colleagues also and we started using Telegram instead for calls.29KViews0likes0CommentsRe: How to reach admin center from tenant Y when not admin in tenant X?
Thank you for replying. Unfortunately that would not work: the problem is not caused by conflicting sessions but the admin center does not let you in if you are not given permissions into your own tenant administration console first. This is a different behavior that the Azure console, which lets you in without giving you access to your tenant's resources but you still can reach the "switch directory" button to initiate the switch.9.2KViews0likes0CommentsRe: How to reach admin center from tenant Y when not admin in tenant X?
Hello, I am not sure the rule you mentioned works entirely: as an external user granted with global reader role, I was still able to enter the SharePoint admin center. I think this is due to the fact that there is a uniquely identifying URL available (tenantname.admin.sharepoint.com) for each tenant. I think this is not caused by credentials or user type, but with a limitation in the admin centers that are reached through a unified url (e.g., admin.microsoft.com). You get pushed out of the site without ever being given the opportunity to switch tenant. I was hoping for a way to specify the tenant in the url (e.g., "?tenant=<guid>" or ?tid=<guid>"), like when you log in through PowerShell, but could not find one that works.9.2KViews0likes0CommentsRe: Microsoft Teams not closing document
Thank you Chris for your reply. I thought that whether a document is hosted in the cloud or on a "regular" server does not make things different: I still "open" and "close" the document, and the server allocates more physical resources when the document is "opened" than when it is not. If what you say is true, would that mean that cloud servers require much more computing resources to hosts 1'000 documents than regular servers? (you seem to say they are always "open") Same goes with the "save" function. I cannot find a technical requirement or constraint that makes this specifically a "cloud" feature. I have seen many applications implement continuous saving without the cloud, for decades. A good example of this is Onenote. Wouldn't this contradict what you proposed? On the other side, I also think it is not a good practice to tell users to just accept things as they are and get used to it when they notice something wrong. If a user interface shows a button labelled "close" when a document is opened, and clicking on this button does nothing, I think it is a failure from the editor, and that should be fixed. Of course, the editor could simply remove the button, as you implied, but that would likely make users' experience even worse. Or it could make the button actually work as intended, thus letting users close a document and return to whatever they were doing before opening it. In summary, I am not sure I can agree with your proposition 🙂9.8KViews0likes0CommentsHow to reach admin center from tenant Y when not admin in tenant X?
Hello, I am a regular member in my own organization's tenant (Company X) and I have been given access to another company's MS365 tenant (Company Y) with global reader role to conduct a review. I have no problem accessing the AAD blade in the portal for both Company X (can't see much, which is normal) and Company Y (can see everything, which is normal) and there is the directory switching feature available in the top right corner. However, when entering the admin.microsoft.com page, I am shown the "sign out or switch to an account that has permission" message. It seems that this page only identifies my Company X membership, not my Company Y membership. I have read about the"All tenants" feature to help switching between tenants, but it is located inside the Admin Center, I cannot even reach that page. Any ideas on how I can "tell" the admin center that I want to be seen as a Company Y member and not a Company X member?9.8KViews1like4Comments
Recent Blog Articles
No content to show