Provisioning Azure Database for MySQL - Single Server from AKS
To gain the benefits of using a MySQL database in a Kubernetes application, a common strategy is to provision the database in a container running in a pod. In doing so, the database will use the cluster resources. Accessing the database from other pods in the same AKS cluster running client apps is possible via Kubernetes networking. However, if for some reason cluster resources become unavailable, both the application and the database will be unavailable, as both rely on cluster health. To address this issue, you can substitute the local database in AKS with Azure Database for MySQL, which will separate the database from the AKS cluster.
SCIM provisioning - custom app authentication
Hi, in the documentation for https://learn.microsoft.com/en-us/entra/identity/app-provisioning/use-scim-to-provision-users-and-groups#handling-endpoint-authentication, two methods are given: 1) a "long-lived token" (i.e. a secret key that has to be pasted in-clear by the admin) 2) "Microsoft Entra bearer token" - similar to other services (e.g. callbacks for MS Teams bots), Microsoft sign the outgoing calls, and the app being provisioned can validate them against Microsoft's public keys To me, option (2) is by far the best - each message is signed individually, there is no manual handling of secrets etc. As said in the documentation - "Apps that use Microsoft Entra ID as an identity provider can validate this Microsoft Entra ID-issued token." - great! So why on earth does it then say "The token generated by the Microsoft Entra ID should only be used for testing. It shouldn't be used in production environments." ? Why not? The whole system of Entra bearer tokens is only for test? And production should go back to secret keys, with all the problems they have? It doesn't seem right.. What am I missing here?
Azure AD SCIM Validator is in General Availability (GA) Status
You can now validate the compatibility of your SCIM provisioning endpoint and Azure AD code base using our Azure AD SCIM Validator. This tool can be used by ISVs who want to build SCIM compatible servers either for gallery app or generic app and developers building their line of business SCIM apps. https://learn.microsoft.com/azure/active-directory/app-provisioning/scim-validator-tutorial
Migration to Cloud Sync (passwords)
We want to migrate from AAD Connect Sync to Cloud Sync. When provisioning new users we could use temporarily passwords in AAD Connect Sync, through this feature: Set-ADSyncAADCompanyFeature -ForcePasswordChangeOnLogOn $true Is this feature still available in Cloud Sync? If not what is the workaround?
Generating proxyaddresses during user provisioning
Hi All, we have requirement to generate alias email addresses during user provisioning. we tried to use selectunique function in the proxyaddresses generation and mapping to ad proxyaddresses but we are not able to achieve it. can you please help thanks, shashidhar joliholiCannot provision SP modern site with Group programmatically - "Alias is already in use"
Hi, I'm building a solution that can provision O365 Groups with associated Modern Team Site and Teams. While trying to create some new Sites with Groups, sometimes the creation fails with the error message "The alias for the group already exists". Provisioning : Tried both using New-PnPSite from PnP PowerShell v2.28.1807.0 , as calling directly the REST API /_api/GroupSiteManager/CreateGroupEx with the same result (error) Payload: {"displayName":"TestPosh2", "alias":"13015", "isPublic":false, "optionalParams":{"Description":"","CreationOptions":{"results":[],"Classification":""}}} Response: {"error":{"code":"-2147024713, Microsoft.SharePoint.SPException","message":{"lang":"nl-NL","value":"De alias voor de groep bestaat al."}}} There isn't any visible existing Alias created in the tenant with that ID. To verify this I did check - Exchange Admin Center - Get-UnifiedGroup (Exchange) - Get-PnPUnifiedGroup - /_api/GroupSiteManager/GetValidSiteUrlFromAlias?alias='13015' They all return no matching data, the last one returns an OK status code with the available URL for site: http://tenant.sharepoint.com/sites/13015 How can I further see whether this alias can be in use, or successfully use it for the new site?
