Azure Active Directory (AAD)
1575 Topics

List all users' last login date
Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users.

700K Views, 1 like, 66 Comments

Report on users with MFA Enabled
We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup). Looking at the status of users who I know have enabled MFA, it still shows Disabled for them in the Multi-Factor Authentication page (https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx).

Solved, 330K Views, 0 likes, 37 Comments

The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!
We're excited to announce that the general availability rollout of the https://cloudblogs.microsoft.com/enterprisemobility/2017/08/02/the-new-azure-ad-signin-experience-is-now-in-public-preview/ and https://cloudblogs.microsoft.com/enterprisemobility/2017/09/19/fewer-login-prompts-the-new-keep-me-signed-in-experience-for-azure-ad-is-in-preview/ experiences has started! These experiences should reach all users globally by the end of the week. Users who go to our sign-in page will start to see the new experiences by default, but a link allowing users to go back to the old experiences will be available until early December to give you some extra time to make the transition. We'd like to take this opportunity to acknowledge the delays we have had with these features and thank you all for your patience. When we released these experiences in preview, we received a lot of great feedback from you and it was pretty clear we needed to take a little extra time to ensure the new experiences worked well with all the scenarios Azure AD sign-in is used for. Read about it in the https://cloudblogs.microsoft.com/enterprisemobility/2017/11/15/the-new-azure-ad-sign-in-and-keep-me-signed-in-experiences-rolling-out-now/.

297K Views, 2 likes, 121 Comments

ADFS vs Azure AD for SSO
Hi there

Bit of a newbie question but what is the difference between using Azure AD and ADFS as a SAML identity provider? We have on-premises AD and ADFS servers and a federation with Azure AD using AD Connect. We want to integrate with a SaaS app that is listed in the Azure AD application gallery but I can't find any definitive information that guides me whether it would be better to use Azure AD or ADFS as the identity provider. Any help would be appreciated.

Regards
Neil

Solved, 271K Views, 0 likes, 10 Comments

Myapplications.microsoft.com and managing applications
We have begun testing the new Myapplications.microsoft.com site. One thing we have noticed is the inability to manage the users who have access to an enterprise application. In the older MyApps site, a delegated user listed within the self-service properties of an enterprise application could manage and invite guest users (if they have been added to the Guest Inviter role) to their application. However, trying to do the same thing on Myapplications.microsoft.com brings up the following message on the Permissions and Accounts tab: "This app does not have any accounts." Has anyone else experienced this issue? We currently have Azure AD P1.

239K Views, 1 like, 13 Comments

Powershell CMDlets for MFA Settings?
Does anyone know if there are PowerShell cmdlets available to allow inspection of a user's MFA settings related to which verification options were configured and which option is considered primary? I am mostly focused on Office 365, but I think that this is an Azure AD question in general.

Here's the use case that I am considering. We have a number of Office 365 users with MFA enabled. There was configuration guidance given at setup time, but not all users chose to follow that guidance. Specifically, many chose SMS notification, but our facility is notorious for poor cellular reception. Mobile app is preferred in this environment. In some cases, they deviated from the suggested method intentionally and, other times, unintentionally. This leads to support calls and it would be very useful for the support tech to know up front which methods are configured and which is the user's primary verification method. I've looked at the Azure AD module, but haven't found what I'm looking for yet.

Thanks,
Andy Baerst

Solved, 236K Views, 4 likes, 30 Comments

Azure AD Connect - Dealing with incorrectly created users post-sync
We have a single domain in Windows AD, not the same as our verified domain in Azure AD (through 365). If a user was not set up to use the "verified" suffix in their user principal name, Azure AD Connect will create a user with the traditional "onmicrosoft.com" UPN in Azure. This makes sense, but I want to understand this better, because if this happens by mistake I do not currently know how to "delete" or "merge", or perhaps "change the sync target" for that unmatched account. In this scenario assume that the user did exist already in Azure AD with a proper verified "@company.com" UPN, but now they have an incorrect "new" account. What should be done in this situation? Currently I have successfully gone through the process of disabling the sync, deleting the new incorrect user in Azure AD, fixing the UPN in Windows Server AD, and then re-syncing. This seems like a nuclear approach for such a localized issue. Any guidance is appreciated.

Solved, 176K Views, 0 likes, 9 Comments

Azure AD PowerShell v2 cmdlets not working, e.g. Get-AzureADPolicy
Sorry if I posted this twice, to me it seems that the first post did not succeed.

Installed PowerShellGet using the MSI. Installed the Azure AD PowerShell v2 GA module using Install-Module AzureAD. Connected and authenticated to our Azure AD tenant successfully using Connect-AzureAD as can be seen below.

PS C:\Users\Administrator> connect-azuread

Account             Environment TenantId                TenantDomain           AccountType
-------             ----------- --------                ------------           -----------
xxxxxxx@xxxxxxxx.nl AzureCloud  xxxxxxxx-0599-4cd4-8... xxxxxxxx.onmicrosof... User

But when running the Get-AzureADPolicy I get the error that this cmdlet is not available as can be seen below.

PS C:\Users\Administrator> Get-AzureADPolicy
Get-AzureADPolicy : The term 'Get-AzureADPolicy' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Get-AzureADPolicy
+ ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-AzureADPolicy:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

What am I doing wrong? I urgently need to adjust the token lifetimes.

168K Views, 1 like, 15 Comments