Active Directory
6 Topics

Azure AD Sync Error 0xcaa10001 in access work or school settings
Hi everyone, I have a problem with my AAD connection on my BYOD. Has anyone seen this error code and managed to solve it? It is an annoying error. Around 3-4 times a day I also get a toast notification that prompts me to fix the accounts I'm using on my device. Have a look at the attachments. I have an Education and a Work account and most of the time it all works, but I want to solve this issue so that the notification disappears. My BYOD is AADR, and I signed in first with my Work account so the policies from my work apply on the device. I can also make an RDP connection to my AADJ desktop at my work, so I think the registration process worked fine on my BYOD. Also in the apps that are using one or both of my business accounts I experience no problems. I can't find any related discussions or docs on this error. Btw, I'm a Global Admin at my work, so if anyone has a solution which requires admin privileges, I've got it. Thanks for every reply ❤️

Unable to delete/cancel Azure AD Premium P2 trial activated for 'Default Directory' tenant on Azure
Hi MSFT, I had activated a free trial Azure subscription over a month ago. Along with that, I also enabled the free trial for Azure AD Premium P2 on the 'default directory'. Near the end of my Azure trial subscription, I converted it to the pay-as-you-go model. At that point, I tried to cancel my Azure AD Premium P2 trial; however, I was unable to. I never created a user account on my active directory that would use the P2 license; the only account I have and had on there with the global admin role was my personal email address 'xxxx@hotmail.com'. When I tried to delete my tenant, I got an error on the 'subscription' and 'microsoft azure' lines stating I need to delete all license-based subscriptions and Azure subscriptions associated with it. It has been more than 7 days since I deleted the Azure subscription. See attached. I am unable to delete the Azure AD Premium trial information from anywhere, as it seems it requires an organization ID associated with that tenant. I can't log on to the O365 admin portal referred to in the help document referenced there: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-delete-howto#prepare-the-directory Can someone please provide any support on this matter? Am I going to get charged automatically after the Azure AD Premium trial ends? Does my account go back to being 'Azure AD Basic' after the trial ends? Do I perhaps need to create a user ID on 'xxx@onmicrosoft.com' etc. with global admin rights and then go into the O365 admin portal via that and cancel it?

AAD Conditional Access policies vs Control Access RBAC
Hi community. Could someone explain to me the difference between Conditional Access and Control Access RBAC policies? If I understood correctly, with conditional access I configure how a user (internal/external) can log in to the Azure environment and/or apps, for example by enabling MFA or geographical location, and so on. Instead, with conditional access (RBAC) policies I could specify what users/groups (internal/external) can do: for example I can enable read-only privileges for a group for Azure vNet access, or admin privileges for Azure Sentinel. Is this correct? Thank you all

Azure B2C - SSO - Teams
Morning everyone, I'm trying to understand the feasibility of an integration between: an external website, Azure B2C, SSO and Microsoft Teams. The idea is the following: users land on the website, where they register/authenticate via SSO offered by Azure on an external identity provider. Once their account is stored on the website (and eventually on Azure B2C), they should be able to log in to Teams with the account they used to register/sign in via SSO. I know that accounts inside a standard Azure Active Directory can access the same domain/tenant via Microsoft Teams. Can we do the same if the directory is a B2C directory?

About the B2C & SSO, this is the setup:
- Azure B2C directory
- Custom app registered in the Azure AD (used to interact with Azure AD via Microsoft Graph API)
- SSO using external identity providers (like Google, Microsoft, Facebook, etc.)

Let's say everything is already set up (connections, user flow, policies, etc.). Now this is my sample flow:
1. A new user (unknown to both systems, Azure and our own system) lands on the external login page
2. The user chooses login via one of the available identity providers; let's say he will use Google (for example)
3. He will insert his Google credentials (email + password)
4. The user will be authenticated via SSO offered by Azure B2C
5. The OIDC token and data are transferred to the final endpoint configured by the application/user flow/policies

Now what I don't get is:
- Does the B2C directory register and store this user by itself once they register/sign in via SSO?
- Is the SSO related somehow to the Azure users, or is it a simple SSO system offered via Azure?
- Since Teams allows login mainly from members under the domains list of the Azure directory, how would it be possible for a user with (for example) a google.com email to log in to a custom Teams related to the B2C directory?
- Will the custom app registered in the Azure B2C directory be able to access users via Microsoft Graph and eventually act "as user" via the SSO token using the Delegated permission?

I started my study here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview but there's no precise explanation about how the process works underneath.

Custom Template for WVD - "Add computer to AD Group" upon joining the domain
Hello All, We have a tricky scenario with our WVD deployments with regard to GPOs that are being applied to session hosts upon joining the domain and OU. We deployed a DNS server in Azure with conditional forwarders for our on-prem domain and a forwarder for public DNS, and configured this Azure-hosted DNS IP on our WVD-VNet. This ensures that all domain requests and internet access are handled locally by this Azure-hosted DNS server. However, the GPO with DNS settings updates the VNet-inherited DNS IP to the on-prem DNS server on WVD session hosts once they are joined to the domain in a specific OU. The on-prem DNS server doesn't resolve any WVD URLs due to security policies in place. This is blocking the WVD Agent from updating to version 1.0.2990.1500 (not sure why the previous version, 1.0.2800.2800, is first chosen and then upgraded to the latest) and it gets stuck, as the on-prem DNS / FW doesn't allow any internet traffic.

Now we got further info from our AD team. A scheduled script is executed that adds the computers added to our WVD-OU to a unique WVD-Computer group on which the DNS GPO is disabled/not applied. The issue here is, once the machine is added to the domain OU and the reboot is done, by the time the script is executed to add these computers to the WVD-Computer group, the DNS policy is getting applied and the machines are assigned the on-prem DNS IPs. Even if the script is run and the session host is added to the WVD group, a gpupdate isn't reverting the DNS on the session hosts. We are being forced to manually update the adapter settings / change the NIC in the portal to make the session host use the Azure hosted VM --> complete the upgrade process --> become healthy/available.

Seeking a few solutions here:
1) a custom template (if any) to add the computers to the WVD group directly while joining the domain
2) any workaround/automation to update the VM NIC

Any suggestions would be greatly appreciated. Thanks, PK

AD Azure: classic vs portal.azure.com
Hello Team, AD Azure question: I would like to compare what we can do for Azure AD in portal.azure.com versus the old portal. Do I understand correctly that most of the features are still not migrated (to the GUI)? Is there any comparison for Active Directory services? For example, in the old portal when adding a new user I could choose multiple types (e.g. directory, external, etc.); now I cannot, and I can add only users which belong to my managed domains (directory). Could you please confirm that? What if I use PowerShell or Azure CLI to add any other types of users to "RM"? Will I see them in the GUI? Thanks, Michal