User Identities in EntraID - how to remove?
I have a user that shows up with multiple identities. No other users are like this and we believe its stopping him from logging in with his alias email address. When i run get-entrauser it returns the following under Identities: {@{signInType=federated; issuer=MicrosoftAccount; issuerAssignedId=}, @{signInType=federated; issuer=MicrosoftAccount; issuerAssignedId=}, @{signInType=userPrincipalName; issuer=OURPRIMARYDOMAIN.onmicrosoft.com; issuerAssignedId=UPN}} Every other account just has this @{signInType=userPrincipalName; issuer=OURPRIMARYDOMAIN.onmicrosoft.com; issuerAssignedId=UPN}} How would i go about removing those identies from that user? Struggling to find any info online.
Enable MFA method
Dear, Currently in our company, the authentication methods policy > Microsoft Authenticator defaults to “any”. Either “passwordless” or “Push”. It is possible to enable the following authentication method through a conditional access policy, currently it is enabled for some users. Desired authentication method: The current method is as follows: Can it be enabled for professional accounts or is it only focused on personal accounts? Thanks in advance.LinkedIn workplace verification
Hi, folks. It's coming up to a year (April 2023) since the Verified ID preview for LinkedIn workplace verification was established. When are we going to hear something new - either progress or being scrapped? I went to the preview enlistment page and noticed that the preview is supposedly on pause - which doesn't inspire confidence that this is going somewhere. Setting up LinkedIn workplace verification - Microsoft Entra Verified ID | Microsoft Learn Is anyone on enrolled in this preview and is it still functional? Cheers, Lain
New Blog | How Tenant Restrictions v2 Can be Used to Prevent Data Exfiltration
This blog discusses securing cross-tenant access with a focus on preventing data exfiltration. It’s impossible to imagine a successful modern organization that doesn’t collaborate with partners across organizational boundaries. While cross-company collaboration empowers employees and enables partnerships, it also lowers barriers for both accidental and malicious data exfiltration. Microsoft Cross-Tenant Access Settings is designed to address security of cross-company exchange. Outbound and Inbound Cross-Tenant Access Settings offer fine grain security controls for cross-company collaboration using user’s home identity, while Tenant Restriction v2 (TRv2) can be used to prevent data exfiltration using foreign identity. Read the full blog here: How Tenant Restrictions v2 Can be Used to Prevent Data Exfiltration - Microsoft Community Hub
Verifiable Credentials Preview - Unable to add credential to wallet
I'm evaluating the Verifier Credentials Preview for possible integration with our products in the future. I'm following these directions https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer I am also using the Node JS sample app https://github.com/Azure-Samples/active-directory-verifiable-credentials-node I have been able to generate a VC and when I scan it with the Authenticator app I get a screen similar to below. The differences are my credential shows "verified" because I have a valid well-know url, but the add button is disabled. How do I enable to add button so I can add the VC to the wallet?
Trying to force credentials on a powerapps through azure AD, URL modifiers
Hello! Powerapps guy here. Tried posting this question on the powerapps community with little response. I think I might do better here. What I'm trying to do: I'm trying to find a way to force credentials for a powerapp (canvas in browser) each time a user clicks the link to open it. In this world of everyone having work/personal accounts and teams, it's anything but elegant to tell a user to open a private browsing session first to avoid account confusion. Not everyone is computer savvy and knows how to setup multiple browsing profiles, and unfortunately SSO while trying to be helpful, doesn't always make it clear for the user what's happening and why they need different credentials. It feels like a clunky hand-off for apps that are made to be user friendly. Admittedly I'm much less experienced with azure AD than powerapps. So far I've been able to do some helpful things with the URL. However they don't seem to work with the typical powerapps weblinks (I could be doing it wrong). But I know there is a solution in here somewhere. I feel close. After much searching I've mashed together a bunch of links with varying results. I registered an app (lets call it Jumper) in azure AD that I'm using as a redirect to the powerapp. I can't seem to force credentials on the raw powerapps link, but using the Jumper app authentication endpoint, coupled with &login_hint, I'm able to give a personalized link that does prompt a user with the correct credential, only requesting their password. Then it redirects to the powerapp. Unfortunately from this point the redirect to the powerapp seems to lose track of which account is using it. So if they are signed in with multiple accounts (even though they just signed into the login_hint account) it can default to another causing the app to fail to load its data. I'm guessing the prompt for credentials is only valid for the registered app. I'm wondering if the solution requires the use of tokens and if so, how might I want to set that up. Or if anyone just has a simple URL modifier up their sleeve, or powershell trick, that would allow me to force credentials with each launch of a weblink powerapp, you would be my hero. Many thanks for any insight provided. Cheers!
