Azure AD
419 Topics

Visual interactive map to show people and their locations (and other details)
Hi all, I work for a major law firm in the US and work closely with many attorneys from different offices. My team and I are trying to build an interactive map that will show the attorneys' locations and which department they belong to. The purpose of this is, well, 1. To optimize partners' visits when traveling to other offices and 2. To keep a dynamic record of this information. And hoping this is something we can escalate to client level later. Has anyone worked on something similar before? If so, which apps within the 365 realm will be my best partners? I am betting on Power BI but curious to see if anyone has worked with something different. Thanks in advance.
14 Views, 0 likes, 0 Comments

How to Replace Group Owners When They Leave the Organization
Deleting an Entra ID user account can result in ownerless groups if the account being removed is the only group owner. Before deleting accounts, it’s a good idea to proactively replace group owners. This article explains how to replace group owners in the fastest and most scalable manner using the Microsoft Graph PowerShell SDK. https://office365itpros.com/2025/01/20/replace-group-owners-powershell/
15 Views, 0 likes, 0 Comments

CA policy for corporate devices
I would like to create a conditional access policy to block all non-corporate devices from accessing Office 365 resources. I created a policy:
Applies to -> User Group
Applies to -> all resources
Applies to -> Win 10
Filter for devices exception -> Ownership: company & trust type: Entra Hybrid joined.
Action: block
The above works fine for office desktop login, i.e. blocks non-corporate devices and allows corporate devices. However, a side effect is that sign-ins from a browser on a corporate device are still blocked.
56 Views, 1 like, 7 Comments

Final Days for the MSOnline and AzureAD PowerShell Modules
After many twists and turns since August 2021, the MSOnline module retirement will happen in April 2025. The AzureAD module will then retire in the 3rd quarter. The interesting thing is that the MSOnline module will experience some planned outages before its retirement. It’s way past time to upgrade PowerShell scripts. The question is whether to use the Entra module or the Microsoft Graph PowerShell SDK. I know which option is best and explain why in this article. https://office365itpros.com/2025/01/15/msonline-module-retirement/
43 Views, 0 likes, 0 Comments

Cannot reset password for user converted from Active Directory synched to cloud only
Hi everyone, Checking the audit logs of a few involved users, we noticed the same error: Synchronization Engine returned an error hr=80230405 message=The operation failed because the object cannot be found OnPremisesAgent: AADConnect This error sounds strange to us since we are talking about Cloud-Only resources with no entry in the AD-DS system. Thanks.
Solved, 1.2K Views, 0 likes, 7 Comments

Microsoft O365 Auto Login
I want to set up auto-login for the O365 desktop application. When a user logs in to an on-premises AD-joined device, the O365 application should automatically log in with their AAD credentials. I have an AAD subscription, and user sign-in is configured with password hash synchronization. Additionally, I have enabled SSO on the Azure AD Connect application. Please note that the end-user devices are not Azure AD-joined.
94 Views, 0 likes, 2 Comments

Dynamic group based on custom security attribute
Can anyone answer this question? Can or should I be able to create a Dynamic group filtering on a custom security attribute? Yes, I know you can filter based on extensionattribute1-15; however, I have noted that accounts created in Entra don't appear to have the option to view extension attributes, plus these come from an on-prem created account. So the questions are:
Can I create a dynamic group using a custom security attribute, and if so, how? Because the custom attributes don't show up in the Property options when creating the dynamic group query.
How can I add to the extension attributes for non on-prem sync accounts (accounts created in Entra)?
33 Views, 0 likes, 1 Comment

Microsoft Authenticator Passkeys for Entra ID on unmanaged devices
Hello, has anyone successfully registered passkeys on an unmanaged phone in an organisation with device compliance policies? Use case is to provide a phishing-resistant MFA option via Authenticator app for logging into apps on their desktop. Users already have authenticator app on their phone and do number matching MFA. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-authenticator?tabs=iOS When I select "Create a passkey" - I need to log into my account. However I'm blocked from successful authentication because I have conditional access policies to require compliant devices. As my mobile phone is not enrolled into Intune, I never get to the step where the passkey is created and registered. Based on the constraints - it seems like passkeys cannot be used for unmanaged/BYOD devices for organisations that have device compliance policies. It can only be used for users who have enrolled their mobile phone. Looking to see if anyone has tips or different experience using passkeys on unmanaged mobile phones to log into Entra?
30 Views, 0 likes, 0 Comments

Can't use a SPN in a PowerBi dashboard to access SharePoint lists
Hoping you can help with an ongoing issue I have. I have a PowerBi dashboard I built using a regular account to fetch some SharePoint lists and uploaded it to PowerBi for others to view. Now in the PowerBi portal I want to change the credential from my account to an SPN. I've read what feels like a thousand articles describing the process to create the SPN, 99% all the same. Yet when I go into the PowerBi portal, edit the semantic model for the dashboard, click edit credentials, select Service Principal, put in the tenant ID, the Service principal ID (yes, using the app id, in fact I tried everything), the service principal key (the secret) and choose any privacy level, it fails 100% of the time. Error is: Failed to update data source credentials: The credentials provided for the SharePoint source are invalid. Same error regardless of what privacy level I choose. I'm sure the secret is correct also. Just for fun I tried the Secret ID and the Object ID in place of the Application ID for the Service principal ID field. All failed, same error. I'm sure the secret is correct also. The SPN has Graph sites.read.all, Graph user.read and SharePoint Sites.Read.All API permissions configured. All are consented. Everything seems right but gives me the error failed to retrieve oauth token 100% of the time. Am I missing something else? More API permissions maybe? Do I still need to actually add the SPN to the SharePoint site itself even though it has API permissions SharePoint Sites.Read.All? I've done days of research and all I find is lots of people with the same or similar issue but no resolution. Is this a bug? Help me, I'm desperate to get this fixed or I'm going to have to allow people to bypass MFA across my organization, which I can't have.
36 Views, 0 likes, 0 Comments

Practical Graph: Combining Sign In Activity and App Detail in a User Report
Often tenants create user sign-in reports based on the sign-in data held in user account properties. This article explains how to supplement that information with insights about the apps users sign into using sign-in audit logs. The combined information is more valuable than simply knowing when someone last successfully signed in. https://practical365.com/sign-in-audit-logs-app-report/
208 Views, 0 likes, 0 Comments