Azure AD Connect Admin Audit log
Hi, Does anyone know if there is an Admin audit log for AADConnect? i'm looking for something that logs when an admin has, for example, made a change to the sync, such as adding or removing an OU from the sync scope, manually triggering an initial or delta sync, opening the admin tools or opening the connectors in edit mode? i am seeing a lot of clients systems whereby AAD Connect spends a lot of its time complaining about the need for an initial sync, I suspect a lot of these cases are where an admin has opened the sync and OK'd, or even cancelled out, but it seems to have marked the connector as changed. it seems odd that there is no evident admin audit log for something as critical, and security sensitive, as AAD Connect, if there isnt. if it relies on logging to event viewer only, then is there any guidance or documentation (i haven't managed to find any) to identify which event IDs would correlate to the above activities, trawling the logs so far i havent found anything identifying when a connector has been changed or, frankly, when an admin has opened or used the tools (MIISClient or Azure AD Connect app/tool) Thanks in advance for your input. Pete
Get a real report of users with MFA enabled.
Hello folks đŸ™‚ I have a problem, we are in the process to enable MFA in our organization (more than 250 users) and now we are finishing this project, the problem now is that we don't have a real scope of the current status because in the Azure Portal (https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?BrandContextID=O365) who set up this through MyAccount.Microsoft.com > Security Info > Update Info - the Azure portal continues to show that MFA it is not enabled yet if functions; even if is required to configure or access certain account settings to the useres. Is there any other way to get the actual status of who has MFA enabled?
Connect-SPOService : Could not authenticate to SharePoint Online
Hi All! I am unable to connect to SPO from SharePoint online management shell using my account. MFA is enabled. Connect-SPOService -url https://[URL].sharepoint.com I'm getting the following response: Connect-SPOService : Could not authenticate to SharePoint Online https://[URL].sharepoint.com/ using OAuth 2.0 At line:1 char:1 + Connect-SPOService -url https://[URL].sharepoint.com + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Connect-SPOService], AuthenticationException + FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.AuthenticationException,Microsoft.Online.SharePoi nt.PowerShell.ConnectSPOService Can anyone help with this? Thanks.
Add Support for Multiple Domains for federation with O365
Hi Team, We currently have ADFS (ADFS is running on Windows 2016) in place for around 100 users auth to 365 using a single domain 'domain1.com', we have federated it and enabled SSO. We now need to federate additional domains - 'domain2.com and domain3.com' The new domains have been added and verified in 365 so now show as managed domains The original domain1.com did not have the -supportmultipldomains switch used when it was converted to a federated domain. What do we need to do here? Should we remove the Microsoft Online trust from AD FS federation server Management Console? and then update original domain . Though, i assume it will be done during non-business hours. Password synch is enabled and we do not want to change passwords of users. What will be the Impact on 100 or more current users of The original domain1.com, if we delete the Microsoft Office 365 Identity Platform entry from our AD FS federation server Management Console? Please explain the impact on the Production Users. Thanks!PowersHell and Basic authentication
Hi there, I have been trying to get the PowersHell connections to work to Office 365 and current results are: (AD) Connect-AzureAD: Working (Exchange) Connect-EXOPSSession: Not working (Basic authentication is currently disabled...) (Skype) New-csOnlineConnection: Not working (Basic authentication is currently disabled...) Question to you who might know this better: why AzureAD is working while others doesn't? Has AzureAD team done some fixes to their connection and Exchange/Skype team has not? Both of them are asking the MFA credentials, but when I have appoved the authentication request on my phone the error appears. My connections are coming through the proxy and the MFA is enabled on the tenant.
AD FS failover login to Office 365
Newbee here, We have an O365 environment where we log in to O365 via AD FS. We have had many unplanned outage (not controlled by IT and many more scheduled) which has taken down power to our data center, which includes our AD FS server. How do others fail over to logging into the cloud instead of being down becasue of a power outage to your data center? We would like to by default use AD FS but fail over to cloud if AD FS is down. Thoughts?
