Azure AD
Cannot reset password for user converted from Active Directory synched to cloud only
Hi everyone, checking the audit logs of a few involved users we noticed the same error:

Synchronization Engine returned an error hr=80230405 message=The operation failed because the object cannot be found OnPremisesAgent: AADConnect

This error sounds strange to us since we are talking about cloud-only resources with no entry in the AD DS system. Thanks.

Manage PIM Role Assignments with the Microsoft Graph PowerShell SDK
This article describes how to create eligible and active PIM role assignment requests using cmdlets from the Microsoft Graph PowerShell SDK. Although the PowerShell code is straightforward, Microsoft recommends using the Entra admin center for Privileged Identity Management. But you can automate the management of role assignment requests if you want to. https://office365itpros.com/2024/11/14/pim-role-assignment-powershell/

Why Are Per-User MFA Settings Available in the Entra Admin Center?
A reader asked why the Entra admin center includes an option to manage per-user MFA settings for accounts. I don’t know why Microsoft added this option, but it doesn’t take away from the strategy to enforce and manage multifactor authentication through conditional access policies. Microsoft has been very focused on CA policies for the last few years and per-user MFA will eventually be subsumed into the CA strategy. https://office365itpros.com/2024/10/30/per-user-mfa-entra-admin/

How to Force Users to Sign in Weekly
A recent question asked how to force users to reauthenticate at 7AM every Monday. The solution seems to be to revoke access for user accounts. This article describes how to create an Azure Automation runbook (PowerShell script) to find target accounts and revoke their access. By linking the runbook to an automation schedule, we can make sure that revocation happens at the desired time. https://office365itpros.com/2024/10/23/revoke-access-for-user-accounts/

How to Set Directory Synchronization Features with the Graph
Directory synchronization features control how the Entra Connect tool works when synchronizing accounts from Active Directory to Entra ID. The current advice is to use a cmdlet from the deprecated MSOL module to update settings. This article explains how to do the job with the Graph APIs, including cmdlets from the Entra PowerShell module. https://office365itpros.com/2024/10/24/directory-synchronization-features/

Per-User MFA State Added to Tenant Passwords and MFA Report
A Microsoft Graph update makes per-user MFA state available for user accounts. Being able to access the data means that we can include it in the User Passwords and Authentication report. You can now see if accounts are disabled, enabled, or enforced for per-user MFA along with all the other information captured about password changes, MFA authentication methods, and so on. https://office365itpros.com/2024/06/14/per-user-mfa-state/

Unable to authenticate in Copilot Studio despite configuring in Azure AD & Copilot security settings
Hello guys, I intend to set up Copilot Studio to give answers from the connected SharePoint site using generative AI. I followed the steps detailed in these two links for setting up manual authentication:

https://learn.microsoft.com/en-us/microsoft-copilot-studio/configuration-end-user-authentication#authenticate-manually
https://learn.microsoft.com/en-us/microsoft-copilot-studio/configuration-authentication-azure-ad

So as per the recommendations, I have done the following:
- Set up an app registration
- Granted admin consent to the app
- Copied the client ID and secret (to paste into the chatbot configuration)
- Published the chatbot after setting "manual authentication" (requires sign in)

Now when I try to interact with the chatbot (in the chat window), it asks me to sign in. When I click "sign in", it asks me to copy a code. When I do that, it keeps showing the "please sign in" prompt over and over again, instead of letting me in.

1. I am already signed in to Copilot Studio using the intended user account.
2. Here are the settings in the "Security" section in Copilot Studio.
3. Here are the settings in AAD.
4. However, when I publish the bot and try to interact with it, it keeps prompting me with the below screen (to enter an access code to sign in). If I click "login" below, it asks me to copy a code. Then if I copy and put the code into the chat, it comes back to the below screen and keeps prompting me the same as below.
5. Also in Azure, I have ensured the admin has consented to the following. Here is the scope.

Can you please advise what it is that I am missing?

The New Entra ID Photo Update Settings Policy for User Profile Photos
A new Entra ID photo update settings policy aims to cure the mish-mash of existing settings controlling how user profile photos are updated in Microsoft 365. The new policy is based on a Microsoft Graph resource. Work is needed to update clients to respect the policy settings and take over from current controls, like the OWA mailbox policy. https://office365itpros.com/2024/09/16/photo-update-settings-policy/

Issue with User Account Deletion - Emails Still Being Sent to Deleted Accounts
We recently permanently deleted several user accounts from our tenant. However, we have noticed that these former users continue to receive emails from Microsoft, such as notifications about updates to the terms of service. This suggests that the accounts may not be fully deleted on your end, or there may be a synchronization issue between our actions and your databases. We would like to understand why these emails are still being sent to accounts that we have already removed. Could you please:

1. Confirm whether the accounts in question are still present in your systems.
2. Provide us with details on the account deletion process and any additional steps we may need to take to ensure complete removal.
3. Assist us in resolving this issue to prevent any future emails from being sent to deleted users.

Why Entra ID can Restore Some Types of Deleted Groups and Not Others
The ability to restore deleted groups only covers Microsoft 365 groups. That’s an odd situation to be in given the different types of groups in Microsoft 365, and the reasons why things work (or don’t) the way they do is down to history and different teams within Microsoft. It’s logical that customers assume they can restore any type of deleted group. Microsoft needs to do some magic to make that assumption real. https://office365itpros.com/2024/08/28/restore-deleted-groups-issues/