Azure AD
24 Topics

Disable "Windows Hello"
I am an admin, and attempting to disable "Windows Hello for Business", also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However, whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a PIN. Where can I find the option that allows me to disable this?
335K Views, 1 like, 27 Comments

Local Network Share with Azure AD Users
We're a small business of about 15 people, and have just moved to Microsoft 365 for email, and with it has come AAD user management, which makes my life simple. We have some simple file shares that are managed with local accounts. I'd like to move to on-prem AD with AAD Connect, and then assign these AAD users ("email accounts") to the various folders to handle permissions. My current understanding is that AAD can't do user writeback to on-prem at all, and doing password and group writeback to on-prem requires the 'premium' tier of AAD, at $8/user/mo? This seems both very convoluted (I am doing up a PS script to pull users back from AAD) and also incredibly expensive to simply have AAD users assigned to on-prem file shares. I'm hoping Occam's razor applies here, and I've missed something simple?
30K Views, 0 likes, 4 Comments

A question about AD Connect Password Sync diagnostic tool
Hello, I just installed AD Connect and successfully synced my on-premises AD (Azure IaaS AD LAB) to my Azure AD (default directory), e.g. the users and groups synced up OK. During the configuration I chose to use Password Write Back (as I am using an eval of Azure AD Premium). However, the password write back is not working; for example, if I change/reset the password of one of the synced users (e.g. synced from AD to AAD) in the Azure Portal, the AD password is not changed. I ran the 'troubleshooting' tool that comes with AD Connect and chose to troubleshoot Password sync for a particular user (to see what information I could get). When running this tool, one of the questions it asks is "Please enter AD connector space object Distinguished Name". I am not sure which object the question is referring to. Is there a default name for this object, and which AD OU will this object live in by default, so I can try and locate it in order to get its distinguished name? Thanks All
__AAnotherUser
Solved, 21K Views, 0 likes, 1 Comment

Recover a deleted device (PC) from AAD
Hi. We are using Intune and Autopilot to enroll new PCs. By mistake we deleted a device in Azure portal that already was enrolled. Now the user cannot log in on her computer. We have tried to run "Restore-AzureADMSDeletedDirectoryObject" in PowerShell, but it says it cannot find object ID. Is there any other way around this, or do we need to reset Windows 10 and re-enrol? Pretty scary how easily you can delete a device with no warnings about the consequences.
10K Views, 2 likes, 0 Comments

Someone else is still using this PC. If you shut down now, they could loss unsaved work
Hi All, After testing connecting devices to our Azure AD network using MS Intune and Azure Conditional Access we are having issues with the devices. We can successfully connect to the Azure AD network, but when the device user restarts or shuts down their device they get a "Someone else is still using this PC. If you shut down now, they could loss unsaved work" warning. Even when we have completely disconnected the device from the Azure AD network they still get the warning. We are currently testing Intune and Azure Conditional Access. What we cannot understand is why we would get this warning even after the device has disconnected from the Azure AD network. Has anyone on the beautiful planet called Earth any idea why this is happening? I hope you can help
Courtney
Solved, 4.8K Views, 0 likes, 1 Comment

Azure AD: Cross Tenant access requires multiple MFA registration?
I have a user in my home Tenant "home". This user has MFA activated. Every time I get invited to another Tenant, e.g. "Guest1", "Guest2", I have to register for the 2nd factor on that tenant. Why is this the case? Why can't I use my "home" MFA as I do my "home" password? The usability is rather bad. Especially when one changes phones.
4K Views, 0 likes, 1 Comment

Check Windows Hello for Business usage for the last 30 days
I am trying to get the logs for users who are using Windows Hello for Business and I want to check if the user hasn't used WHfB for the last 30 days. Is there a way to get this data from Azure AD and via a Graph API endpoint? Thanks in advance!
3.6K Views, 0 likes, 1 Comment

Get the user role from Azure AD by Laravel azure ad oauth
I am trying to get the role from Azure AD by using the metrogistics/laravel-azure-ad-oauth socialite plugin. I got the name and email and azure_id from Azure. But I can't get the user role. My callback url output is below:

    user: array:12 [
      "@odata.context" => "https://graph.microsoft.com/v1.0/$metadata#users/$entity"
      "businessPhones" => []
      "displayName" => "Test4"
      "givenName" => "Test4"
      "jobTitle" => null
      "mail" => null
      "mobilePhone" => null
      "officeLocation" => null
      "preferredLanguage" => null
      "surname" => null
      "userPrincipalName" => "test4@xyz.com"
      "id" => "xyz"
    ]

It is possible to get the role from Azure
2.5K Views, 0 likes, 0 Comments

Azure AD Direct Connect access denied
Hi. We've set up Direct Connect for the first time between two of our tenants. We've configured the External Identities -> Cross-tenant access settings exactly the same on both. But on both we get this error message when attempting to access a SharePoint site from each tenant: Here're the settings (same for both tenants): I cannot figure out why access would be blocked as these settings seem to be the most permissive possible. Thanks for your help.
2.2K Views, 0 likes, 7 Comments