AD Azure
Azure AD Endpoint Manager User Profile Corruption: Black Screen Flashing Taskbar Explorer Crash Loop
We are in the midst of an Azure/Endpoint Manager (Intune) migration with 300+ endpoints and are running into a deployment nightmare. We are experiencing a very odd, completely random issue: a previously synced Hybrid Azure AD user logs into their endpoint (which was working without issue for weeks/months) and the profile suddenly fails to load. This issue only seems to occur when NEW endpoints are added to the Azure AD tenant/domain. We know the issue is about to happen when we receive a call from an end user stating their previously working credentials are "no longer working". When the user attempts to log in via "Other user", the login proceeds and the user lands on a black desktop/screen with a flashing taskbar. Windows Task Manager is not responsive; Safe Mode options do not produce a better end result. Upon reviewing the logs you will see an "explorer.exe" crash loop citing urtcbase.dll. Azure AD homed user accounts and local user accounts are able to log into the endpoint without issue. The issue is specific to Hybrid Azure AD user profiles (on-premises cached/homed accounts). I'm thinking it has to do with a conflict of the on-premises SAM account name. I'm not sure why adding new endpoints to the tenant causes the issue. This particular issue is happening across all different makes, models, and Windows image variations. The issue is specific to Azure AD profiles that attempt to log into the endpoint.

Precursors:
- Incorrect password prompt; requires users to select "Other user".
- After selecting "Other user", the user profile experiences a delayed "Welcome".
- A black screen appears with a flashing taskbar, rendering the profile useless.

If we attempt a wipe/restore, the issue will randomly reoccur on another workstation. I believe the issue is specific to the way Windows tries to load/create the profile for Azure AD users. I'm not sure if Autopilot is attempting to configure these endpoints in Hybrid mode.

However, we've noticed discrepancies in the naming convention of some profiles and domains. For example: AzureAD\FirstLastName vs. shortdomain\FLast. I believe the User Profile Service is somehow bugged and causing a mismatch between the registry's SID for the user profile. Has anyone else experienced this issue? We are desperate for answers; this is worse than any virus, as its random, intermittent nature will return after a fresh system restore. I've received a call from another organization stating they are seeing the same issue occur throughout their deployment. I believe this is now a widespread issue. We have a ticket open with Microsoft on this. The Windows Performance Team is reaching out to the Azure Team.

How to integrate Microsoft User Authentication using Microsoft Entra ID: A Step-by-Step Guide to Use
Microsoft Entra ID, also known as Azure AD (Active Directory), offers numerous advantages. Whether you're prioritizing security or seeking a well-organized and automated User Management system, this tool is your go-to for building a secure authentication system, be it for a web app, mobile app, or any other application.

HAADJ with Intune Co-Management
Hello,
- I have an HAADJ tenant with Intune co-management.
- AD Connect syncs devices only, not users, to Entra (as users are third-party provisioned and federated).
- Devices appear in Azure and are then added to a group for Intune policy enrollment. Enrollment is done via GPO.
- They get enrolled in Intune using co-management with SCCM (auto MDM enrollment with device credentials) and appear in Intune as co-managed.
- BitLocker is applied via Intune on the devices to encrypt fixed data drives and operating system drives. A GPO is applied to avoid backing up the recovery key in AD, as explained here: https://www.burgerhout.org/the-bitlocker-haadj-nightmare/

Question(s):
1. For testing, we encrypt and then remove Symantec drive encryption. A restart is done during removal, then the recovery key screen appears and the key is requested to access the device. On the second restart after the uninstall, the key is not requested.
2. After testing, the recovery key is stored in Intune but not in the location below: https://myaccount.microsoft.com/ -> Devices -> Manage Devices -> Select device -> View BitLocker Keys. (It appears only in the test environment, where enrollment is done via user credentials as opposed to device credentials.)
3. Devices in Azure under the following URL https://entra.microsoft.com/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId/Devices show an owner when the device is first moved with AD sync; however, later on the owner is removed, and the behavior is very random. In Intune, devices show a primary user as long as someone is logged in to Office, which is fine and acceptable. So what could be the reason for the issue in Azure/Entra?

Map Home-Directory attribute UNC path for locally connected Azure AD joined shared devices
We have an on-premises Active Directory (AD) environment connected to Azure AD via AD Connect. We've successfully joined our devices to Azure AD using Azure AD Join (MEJ) through Autopilot. We are also using Pass-through Authentication (PTA), and we have 3 PTA agents (including AAD Connect) on-premises. Now we want to grant users access to an on-premises file share (file server) while they are physically connected to the local network at the office. Each user has an individual home drive (H:) defined in their on-premises Home-Directory attribute (HomeDirectory), and we want to make this H: drive accessible to any user who signs in to a locally connected shared AADJ device at the office (we don't want these H: drives to be available to remote users). Our shared AADJ devices currently have access to on-premises file shares when they're locally connected at the office, but they don't have access to the user's home drive. In summary, we want to map the Home-Directory attribute UNC path for locally connected Azure AD joined shared devices for any individual user who signs in to these devices.

Graph API deleted user attributes and searching / filtering
Is there a way to search deleted users by attributes with the Graph API? If so, which attributes are searchable? If I need to restore an account that I don't have the id / objectId for, I have to retrieve all deleted users and then filter the results. Also, is there a way to retrieve the onPremisesImmutableId and the lastDirSyncTime of a deleted user that was federated with Azure AD Connect?
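Soft-deleted users are queried from the directory/deletedItems container (cast to microsoft.graph.user) rather than from /users, and that endpoint accepts a server-side $filter and $select, so the whole recycle bin does not have to be pulled down and filtered locally. The following is an added example written for this thread, not code from the original post or from Microsoft: it narrows the deleted set by displayName on the server, matches onPremisesImmutableId on the client, and restores the object by id. It assumes the Microsoft.Graph.Authentication module is installed and Connect-MgGraph has already been run with a scope that allows reading and restoring users (User.ReadWrite.All is used here); the display-name and immutable-id values in the usage lines are placeholders. Whether onPremisesLastSyncDateTime is still populated on a deleted object is an assumption in the $select list, not something the page confirms.

```powershell
# Added example, not from the original post. Assumes Connect-MgGraph -Scopes "User.ReadWrite.All"
# has already succeeded (Microsoft.Graph.Authentication module).

function Find-DeletedUser {
    param(
        [Parameter(Mandatory)] [string] $DisplayNamePrefix
    )
    # Escape single quotes for the OData literal so a name like O'Brien does not break the filter.
    $prefix = $DisplayNamePrefix -replace "'", "''"
    # onPremisesLastSyncDateTime is requested on the assumption it survives deletion; drop it if the
    # service rejects it. ConsistencyLevel + $count=true enable advanced-query semantics on this endpoint.
    $select = 'id,displayName,userPrincipalName,onPremisesImmutableId,onPremisesLastSyncDateTime,deletedDateTime'
    $uri = 'https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user' +
           "?`$filter=startswith(displayName,'$prefix')&`$count=true&`$select=$select"

    $results = @()
    do {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri -Headers @{ ConsistencyLevel = 'eventual' }
        $results += $page.value
        $uri = $page.'@odata.nextLink'      # follow paging until the server stops returning a next link
    } while ($uri)
    $results
}

function Restore-DeletedUserByImmutableId {
    param(
        [Parameter(Mandatory)] [string] $ImmutableId,
        [Parameter(Mandatory)] [string] $DisplayNamePrefix
    )
    # onPremisesImmutableId is the anchor AAD Connect uses to match an on-prem object, which is why
    # it is the safest key when the objectId is unknown. It is matched client-side after the narrow
    # displayName query, so the assumption that it is server-filterable is not needed.
    $match = @(Find-DeletedUser -DisplayNamePrefix $DisplayNamePrefix |
               Where-Object { $_.onPremisesImmutableId -eq $ImmutableId })
    if ($match.Count -eq 0) { throw "No deleted user with onPremisesImmutableId $ImmutableId" }
    if ($match.Count -gt 1) { throw "Ambiguous: $($match.Count) deleted users match $ImmutableId" }

    # Restore brings the object back under its original id.
    $id = $match[0].id
    Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/v1.0/directory/deletedItems/$id/restore"
}

# Usage (placeholder values):
# Find-DeletedUser -DisplayNamePrefix 'Jane' |
#     Format-Table displayName, userPrincipalName, deletedDateTime, onPremisesImmutableId
# Restore-DeletedUserByImmutableId -ImmutableId 'AbCdEfGhIjKlMnOpQrStUw==' -DisplayNamePrefix 'Jane'
```

Run the Find-DeletedUser step first and confirm exactly one row carries the expected immutable id before restoring; the restore function refuses to act on zero or multiple matches for that reason.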
How to Easily Make Web Applications with Code-to-Cloud, Getting Apps in the Cloud
Are you tired of the tedious and time-consuming process of web development on Azure? Check out Code-to-Cloud, the new preview service that simplifies and streamlines the process. With Code-to-Cloud, you can create and deploy web applications on the cloud with just a few clicks. See for yourself how easy and fast it is with our videos featuring Julia Muiruri and Pablo Lopes!

Azure AD synch and different Azure AD tenants?
Azure AD is synced with Original.com, which is the on-premises AD. We have another AD forest called Dev.com and want to sync it with Azure AD. They each have different subscriptions. Original.com syncs with "Azure AD first" and Dev.com syncs with "Azure AD second". This means that there are two different instances of Azure AD, which will appear depending upon the subscription being viewed. There is no trust relationship between original.com and dev.com. Is it possible to get both original.com and dev.com to sync with the same Azure AD instance "Azure AD first"?

Join Devices using a provisioning package (.ppkg) in Azure AD - how does it work in detail?
For a project, we are checking whether there is a way to join devices to AAD using a provisioning package. When creating a project with the Windows Configuration Designer, under "Account Management" there are the tasks "Enroll in Azure AD" and "Get Bulk Token". Here are my questions about it:
- Which account do I normally use to register the token?
- Which rights and licenses must the account have?
- An enterprise app is being created, but do I still have to do something with the permissions?
- Does something else need to be done with the user that is created in AAD (package_)?
- Are there hurdles in sight regarding Conditional Access?
I ask myself these questions because I tried it and failed with the following message (from the event log of the client which I wanted to join to AAD). Client: Windows 10 Pro 21H2, Windows 10 Enterprise 1909 (same error).
ProvXML category 'DeviceAADJoin' failed with '0x80180014' at CSP node 'AADJ/BPRT'. Provisioning failed

Get-AzureADUserManager : Cannot bind argument to parameter 'ObjectId' because it is null.
Hi All,
I am trying to fetch the manager's manager using the Get-AzureADUserManager cmdlet by passing the ObjectId of the manager. However, while passing the manager's object to get his/her manager, I get the error below. Please help at the earliest.

Code:

    foreach ($user in $users) {
        $row = $Datatable.NewRow()
        # First hop: the user's manager. Returns nothing when no manager is set on the user.
        $manager = Get-AzureADUserManager -ObjectId $user.ObjectId
        # Second hop: this is the call that fails with the binding error below when $manager is $null.
        $seniorM = Get-AzureADUserManager -ObjectId $manager.ObjectId
        $row.Name    = $user.GivenName
        $row.Surname = $user.Surname
        $row.manager = $manager.DisplayName
        $row.seniorM = $seniorM.DisplayName
        $Datatable.Rows.Add($row)
    }

Error message:

    Get-AzureADUserManager : Cannot bind argument to parameter 'ObjectId' because it is null.
    At line:29 char:43
    + $seniorM=Get-AzureADUserManager -ObjectId $manager.ObjectId
    +                                           ~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Get-AzureADUserManager], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.GetUserManager
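The binding error comes from the second lookup: Get-AzureADUserManager returns nothing for a user who has no manager assigned (or whose chain has reached the top), so $manager.ObjectId is $null when it is passed straight back in. The following is an added example, not the original poster's code or Microsoft's, that walks the reporting line with that case handled and emits the same four columns the DataTable used. It assumes Connect-AzureAD has already been run with the (now deprecated) AzureAD module and that $Users holds objects returned by Get-AzureADUser.

```powershell
# Added example, not from the original post. Assumes Connect-AzureAD has run and that $Users
# holds Get-AzureADUser results (each with ObjectId, GivenName, Surname, UserPrincipalName).

function Get-ManagerChain {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [int] $Depth = 2                        # 1 = manager, 2 = manager's manager, ...
    )
    foreach ($user in $Users) {
        $chain   = [System.Collections.Generic.List[string]]::new()
        $current = $user
        for ($i = 0; $i -lt $Depth; $i++) {
            # Guard the hop: never call the cmdlet with an empty ObjectId, which is exactly
            # what produced the ParameterArgumentValidationErrorNullNotAllowed error.
            if (-not $current.ObjectId) { break }
            $mgr = $null
            try {
                $mgr = Get-AzureADUserManager -ObjectId $current.ObjectId -ErrorAction Stop
            } catch {
                Write-Warning "Manager lookup failed for $($current.UserPrincipalName): $($_.Exception.Message)"
            }
            if (-not $mgr) { break }            # no manager set: top of the reporting line
            $chain.Add($mgr.DisplayName)
            $current = $mgr
        }
        $managerName = if ($chain.Count -ge 1) { $chain[0] } else { $null }
        $seniorName  = if ($chain.Count -ge 2) { $chain[1] } else { $null }
        [pscustomobject]@{
            Name    = $user.GivenName
            Surname = $user.Surname
            manager = $managerName
            seniorM = $seniorName               # stays $null instead of throwing when absent
        }
    }
}

# Usage:
# $users = Get-AzureADUser -All $true
# Get-ManagerChain -Users $users | Export-Csv .\managers.csv -NoTypeInformation
```

Rows whose manager or senior manager is missing come back with an empty column rather than aborting the loop, which is the behaviour you want when the directory has top-level managers or users without a manager attribute.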