entra id
10 Topics

How to update the proxyAddresses of a Cloud-only Entra ID user
I currently have a client with an Entra ID user (not migrated from on-premises) that is cloud-based, but has proxyAddresses values assigned. Now, I want to update the proxyAddresses through the Graph Explorer and have used this link as a guide: https://learn.microsoft.com/en-us/answers/questions/2280046/entra-connect-sync-blocking-user-creation-due-to-h.
Now this guide is suggesting you can use the BETA model and this URL format... https://graph.microsoft.com/beta/users/%USERGUID%
It states you can use that URL to do both 'GET' and 'PATCH' queries - the PATCH query being the one that will change the settings. You have to put forth a body for the proxyAddresses property in the PATCH query, which represents all of the addresses you want the user to utilise as proxy addresses. Now the GET query works... The PATCH query does not... Screenshot provided: Now, regarding the error message, I have applied ALL possible permissions in the 'Modify Permissions' tab. It is still erroring. Now I cannot use Exchange Online PowerShell, as the user does not have a mailbox! Aside from potentially using a license for Exchange Online or provisioning a mailbox for the user, and making the necessary changes, would the only other option be to delete/recreate the user?
106 Views, 0 likes, 4 Comments

Single-Sign On
After troubleshooting an issue for a customer, we determined that the prerequisites for enabling SSO at the AVD host pool level are not strictly enforced when a user goes to execute the SSO workflow from MSRDC or the Windows App. Meaning, that if an administrator does not enable the -IsRemoteDesktopEnabled flag on the Service Principals "Microsoft Remote Desktop" and "Windows Cloud Login" respectively.
Setup: Deploy Entra ID Joined session hosts to a host pool and enable the "Microsoft Entra single sign-on" RDP property to "Connections will use Microsoft Entra authentication to provide single sign-on" or update the RDP connection string with 'enablerdsaadauth:i:1'.
Result: User will not receive the 'Windows Security' dialog box to access the session host with their Entra ID credentials.
Caveat: Be aware that to sign in with Entra ID credentials, minimally, the host pool RDP settings must contain 'targetisaddjoined:i:1'. Microsoft states this is going away and blending into 'enablerdsaadauth:i:1', which also enables SSO. It seems a bit odd of a move in my opinion and having two separate RDP properties makes sense if a company does not want SSO. But it is in alignment with Microsoft's push for passwordless authentication.
For the Microsoft AVD team, why does this behavior exist and is it on the roadmap to be fixed if it's a known gap?
173 Views, 0 likes, 3 Comments

Adding connected organizations with PowerShell
Hi, When adding connected organizations using PowerShell, the connected organization is added with auth type: OTP/Microsoft account. When adding the connected org using Entra portal, the org is correctly added as a Microsoft Entra ID tenant. Is there any way to add the org as a Microsoft Entra ID tenant programmatically?
126 Views, 0 likes, 3 Comments

Finalizing migration from Connect Sync to Cloud Sync
Hello, The Connect Sync server synchronizes multiple domains to the same tenant. We have followed the migration approach outlined in the article, for one of the domains: https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/tutorial-pilot-aadc-aadccp
How best to remove that domain configuration from the Connect Sync without potentially impacting hybrid objects? Is it just as simple as removing the domain through the Connect Sync wizard? It looks like I do not have an option to disable that domain's sync configuration temporarily.
Solved, 395 Views, 0 likes, 7 Comments

Specify which Entra ID Sign-in logs are sent to Log Analytics Workspace
Hi, as the title says I am curious if it's possible if I can limit which login logs are sent to a Log Analytics Workspace. We currently have a couple of service accounts in use that generate a high amount of traffic (an issue being worked on separately) and would like to exclude the logs from these specific users from being sent to LAW.
Solved, 113 Views, 0 likes, 1 Comment

Entra ID Service not running?
Hello everyone, we get a notification on our email that the Entra ID Sync service is not running, while it is set to automatic. Then 30 minutes later, at the next scheduled sync, it resolves itself. Our event viewer shows 1 export error with event ID 6100, that was a user where the inheritance wasn't set up properly; we fixed that, but that did not fix the error in the title. We googled, but really only found "turn on your service and set it to automatic", which is not that helpful. I checked using AI, but that did not go anywhere either. "Your internet might have been down" yeah thank you, if that was the case, we would have noticed a wider spread outage. We thought it might be a throttling issue, but it happens at seemingly random times, so not only during daily start up. So we are kind of at a loss as to how to properly fix this, any suggestions?
173 Views, 0 likes, 1 Comment

Entra Connect - Access to onsite Server Shares
Will setting up Entra Connect and syncing AD IDs with Entra IDs provide access to on-prem Windows server shares? We are planning for our migration to the cloud and have a bunch of Windows server shares that users currently access with their Active Directory accounts. Will setting up Entra Connect and syncing the AD accounts to Entra ID accounts provide the same access to these shares? Migrating the file shares to Entra ID is a bigger migration project probably further down the road. I found this article but it's the other way around, Hybrid identities accessing Azure shares: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal%2Cintune
655 Views, 0 likes, 3 Comments

Implementing Azure ADConnect in a live environment
I have been tasked with implementing Azure ADConnect for my company. We currently have 2 locally virtualized domain controllers and are already utilizing Office365 for mail. What would be the easiest way to implement ADConnect while having the least amount of downtime/user interruptions?
151 Views, 1 like, 4 Comments

How can I monitor Entra Connect Health Sync?
Hello, How can I monitor Entra Connect Health Sync events and get alerts on failures? I have set up to be alerted to events in the Entra portal but I only get a summary email, and not instant notifications. I wish to be informed if there is a loss of sync between OP and Entra, or with SSPR. Is this possible other than what MS give us in the Portal? Thanks
1.7K Views, 0 likes, 5 Comments

Adding users to an AD group with Azure Functions/Logic Apps
I want to add users to an Entra ID/Azure AD group. The list of users will be retrieved from a REST API call with Azure Functions, and then saved into a database, probably Azure SQL. I'm planning on then using Azure Logic Apps to connect the database to the AD group. How can I make the script run every time the REST API changes? Can I add users to the AD group from SQL? Is there a better way to go about this?
720 Views, 0 likes, 5 Comments