User Profile
colonel_claypoo
Iron Contributor
Joined 8 years ago
User Widgets
Recent Discussions
Dynamic group membership rules stopped working
We've been using the following the following dynamic membership rule to check if a user is a member of another group: user.memberOf -any (group.objectId -in ['2b930be6-f46a-4a70-b1b5-3e4e0c483fbf']) The group is an Active Directory group that is represented in Entra with the stated Entra group object Id. The validation fails for every user and looks like this: It seems that all out dynamic groups are affected and stopped working. Have you seen this before? Thanks.Re: Connect-ExchangeOnline - Unauthorized
VasilMichev Couldn't find the role in Entra. Only way to assign the role was through this PowerShell and not what is in the documentation. Here're for future use in case anyone stumbles over it here: # Connect to Azure AD if not already connected Connect-AzureAD # Get the service principal for Exchange Online $exchangeServicePrincipal = Get-AzureADServicePrincipal -Filter "AppId eq '00000002-0000-0ff1-ce00-000000000000'" # Find the Exchange.ManageAsApp role $appRole = $exchangeServicePrincipal.AppRoles | Where-Object {$_.Value -eq "Exchange.ManageAsApp"} # Get your application's service principal $servicePrincipal = Get-AzureADServicePrincipal -Filter "AppId eq ''" # Assign the role to your application New-AzureADServiceAppRoleAssignment -ObjectId $servicePrincipal.ObjectId -PrincipalId $servicePrincipal.ObjectId -ResourceId $exchangeServicePrincipal.ObjectId -Id $appRole.Id Thanks for your help.Re: Connect-ExchangeOnline - Unauthorized
VasilMichev Oh yeah, that's right. Now one step further. I'm getting this error upon connecting: Connect-ExchangeOnline -CertificateThumbprint $thumbprint -AppId $appId -ShowBanner:$false -Organization $tenant -Verbose VERBOSE: Returning precomputed version info: 3.4.0 VERBOSE: ModuleVersion: 3.4.0 VERBOSE: [ThreadID: #] Trying to get a new token from AAD VERBOSE: [ThreadID: #] Trying to acquire token based on UI flow VERBOSE: [ThreadID: #] Successfully acquired new token for Cert based flow. VERBOSE: [ThreadID: #] Successfully got a token from AAD VERBOSE: ConnectionContext Removed OperationStopped: The role assigned to application 6eb9890f-dbeb-4e6d-b2fb-2e4c698fa7c0 isn't supported in this scenario. Please check online documentation for assigning correct Directory Roles to Azure AD Application for EXO App-Only Authentication. If the cert was wrong i.e. not match between Windows and Azure cert stores the error would read: Do you have an idea? Thank you.Connect-ExchangeOnline - Unauthorized
I've been searching for a solution for this error message for a couple of days now - to no avail. Connect-ExchangeOnline through certificate always throws 'Unauthorized'. UnAuthorized At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.5.1\netFramework\ExchangeOnlineManagement.psm1:766 char:21 $tenant = '' $appId = '' $thumbprint = '' Connect-ExchangeOnline -CertificateThumbprint $thumbprint -AppId $appId -Organization $tenant I tried: multiple machines certs in Cert:\CurrentUser\my\ and Cert:\LocalMachine\my\ Certs are installed in the Azure AD App multiple networks PS 5.1 and 7.2 ExchangeOnlineManagement Module versions 3.4.0 through 3.5.1 And I tried the following Graph API permissions: As mentioned Exchange.ManageAsApp API permission does not exist any longer hence the issue. Has anyone figured it out yet?Soon no profile pictures in SPO User Profile Service anymore?
Anyone seen this yet? We have Intranet solutions that use the LocalPeopleResults result source for search in combination with the classic user profile pictures hosted on https://[tenant]-my.sharepoint.com/User%20Photos Couldn't find anything regarding this in the M365 Admin Center message feed, unfortunately. Does anybody know how to handle this in the future?Re: Can SharePoint Search read Office file properties?
Paul de Jong Thanks. But that's strange. My SPO tenant doesn't seem to have ows_Office crawled properties. Aren't ows_ properties only those for which columns in document libaries were created? Here's where I was looking: https://[]-admin.sharepoint.com/_layouts/15/searchadmin/ta_listcrawledproperties.aspx?level=tenant And in the mapping popup for the managed property itself: Any idea?Can SharePoint Search read Office file properties?
The title does not refer to files stored on SharePoint. I would like to know if Office file intrinsic metadata can be included into the SharePoint Search index. Especially when a file was created (not on SharePoint) but in the Office App, see: Is that possible?Renaming Sharepoint security group labels?
I've always found the description labels of the site security groups insufficient and misleading. Do you know if this can be changed? I know how to create new security groups and map them to either of those three. But no end user will ever be able to tell what he can actually do or don't do with his membership in a group. Any ideas? Thanks.Profile Pictures not updating
We're using a PowerShell script to update Teams/Outlook user profile pictures via Set-UserPhoto. Unfortunately, all too often users report that they don't update for them or others. We've identified that this is usually due to the Teams desktop client's cache. Clearing it solves the issue. The Teams client also caches general user information locally. Some data, such as display name and telephone number, can be cached up to 28 days in the client. Profile photos can be cached up to 60 days. This is unsatisfactory. Do you know of a way to not have to do this? ThanksRe: My favorite Conditional Access policies to implement (part one) - Blog Post
Hey, one thing I noticed is that using such a policy to restrict copy/paste/print seems to only work for the Word browser app, for example. Once a user clicks to edit the file in Word Desktop it stops working. Can you confirm that? Thanks.
