Disable "Windows Hello"
I am an admin, and attempting to disable "Windows Hello for Business" also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However Whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a pin. Where can I find the option that allows me to disable this?
Repeated requests to approve 3rd party app consent
Hello - I am coming across an issue in an environment where Azure Cloud App Admins / Global Admins are receiving repeated email approval requests to approve permissions for 3rd party apps when admin access on behalf of the tenant has been previously approved and granted. Does anyone know why this happens or a way to stop it? The tenant is configured with this: This issue occurs for multiple apps. When the second or third request from an end user comes in for the same app, I have already gone into the Enterprise App in Azure AD and confirmed that the permissions the end user and app is requesting have already been granted by an admin. Example: Thank you!
Azure AD Direct Connect access denied
Hi. We've set up Direct Connect for the first time between two of our tenants. We've configured the External Identities -> Cross-tenant access settings exactly the same on both. But on both we get this error message when attempting to access a Sharepoint site from each tenant: Here're the settings (same for both tenants): I cannot figure out why access would be blocked as these settings seem to be the most permissive possible. Thanks for your help.
Check Windows Hello for Business usage for the last 30 days
I am trying to get the logs for users who is using Windows Hello for Business and I want to check if the user hasn't use the WHfB for the last 30 days. Is there a way to get this data from Azure AD and via graph API endpoint? Thanks in advance!
Azure subscription policy
Hi, https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/manage-azure-subscription-policy there are two options to disallow subscriptions entering/leaving Azure AD. Unfortunately I don't have a test environment to test but am wondering: * Can a user create a new subscription successfully even if the subscription is not allowed to enter Azure AD? * If the answer is no, does it make sense to use the options to prevent new subscription creation? Thanks,Create Azure AD User using Graph API & HTML Form
Hi there! I have given myself a little project for the holidays. I'm dabbling in some ideas but I'm still very new at the developer side of things in the Microsoft Metaverse. Some background about me: I'm a Microsoft Certified Azure Solutions Architect & Azure Security Engineer Associate. My history with MS goes as far back as MS-DOS 🙂 I've been working mostly in the front-end side of things and only started in recent years dabbling with back-end and coding. I am by no means fluent in any developer languages but know my way around Powershell. I'm currently self-studying for the Azure DevOps Engineer Expert certification. So on to my little project... Basically, I want to create a User Signup form in HTML. The usual "First Name", "Surname", "Email Address", "Password" and "Confirm Password" fields. I've gotten this far and I have the submit button too. For the scripting I've chosen Javascript but suggestions are welcome on whether C# or another language would be easier / faster / better. Now the part where I'm at a loss is how to pass the values captured in a form using Javascript to the Microsoft Graph API to create the user in Azure AD based on the values filled into the fields. I have created the Azure App Registration with sufficient permissions as per Microsoft Documentation. User.Read.All & User.ReadWrite.All But I'm not at all clued up on how to create the Authentication Provider, Get the Access token etc. Can this be tested locally or do I need a web server? Right now I have a local HTML file that contains the form and a Javascript (.js) file with some code that I copied from Microsoft example documentation but I have no idea which values are supposed to be replaced with my values. I would appreciate any help / hint in the right direction. I apologize if this is the wrong forum for this. Feel free to point me in the right direction. 🙂 Thanks in advance! Regards, OQuestion about Azure AD Premium features and free users
Hello! We are hosting our entire business in Azure, and we are working on replacing the login functionality from a basic self-hosted username/password solution to Azure AD. To not mix our company users with our customers, we have created a brand new tenant where we keep all our customer accounts. Our customers are mostly nurses and medics, who spends most of their day taking care of people. Most of them have little to no relationship to Microsoft or computers/phones during their workday. We have a smartphone app and a web GUI that users can login to. To not confuse our users, we try to just give them their login, and for now just ignore the fact that the login prompts a Microsoft login. And so we have come to the stage where we are looking at Company Branding, which requires something higher than the Azure AD Free that we use now. The sole purpose of creating a Microsoft account to our user is so they can login to our solutions, and not to take advantage of any other Azure functionality. In our main tenant, where all users have Office, I have noticed that we can create new users without any license, who can take advantage of the Company Branding. How does this stuff actually work? And how is it supposed to work? Do we enable Company Branding simply by having 1 user with a high enough license? Are we bending the rules by having 1 licensed user and 100 free users? The only cool tool (currently) that would be nice to offer our customers is the MFA login. I can see that on the "free" user I created in our main tenant, I can process the MFA setup steps. Is this allowed? Theoretically speaking, had I given this account to a customer, the customer could have done this him- or herself too, without my knowledge (which is possibly bad configurations on our Azure tenant's end). Any help or feedback to my confusion is greatly appreciated!Azure AD: Cross Tenant access requires multiple MFA registration?
I have an user in my home Tenant "home". This user has MFA activated. Everytime I get invited to another Tenant, e.g. "Guest1", "Guest2" I have to register for the 2nd factor on that tenant. Why is this the case? Why can't I use my "home" MFA as I do my "home" password? The usability is rather bad. Especially when one changes phones.Azure AD Manual Sync using MS Graph API
Hi, Is there a MS Graph API endpoint for manually syncing details of applications in Azure AD to our application? When registering applications to our self-service application, the response of Azure AD took too long that caused a time-out on our application. I was wondering to manually sync the details to our application. Is there an available endpoint for that?
