User Profile
PeterJ_Inobits
Iron Contributor
Joined 7 years ago
Recent Discussions
Fido passkeys blocked by policy
Hi all, I'm helping out a customer with deploying physical passkeys and I'm running into a weird error. I've activated the sign-in method and selected the two AAGuids for the Authenticator app, and I've added the right AAGuid for the brand and model of passkey we are using. We can select the authentication method and enroll the security correctly, but when trying to sign in using it we get the error as displayed in the attached picture. When checking the sign-in logs I get this error message: "FIDO sign-in is disabled via policy" and the error code is: 135016. I've not been able to track down any policy that would be blocking passkeys. Anyone got any ideas?
Service account usage
've been ach is installed on 3 iut 4 DCs and a large percentage sked by a customer to try and identify service accounts operating in their ADDS environment. I have access to both MDI and MDE. Does anything in the Defender stack inventory the services on machines and retrieve which accounts are being used to launch them? I have a list of service accounts based on the client's naming convention but I strongly suspect that that list is incomplete. Any assistance or guidance would be greatly appreciated. I've spent this afternoon experimenting with KQL but not satisfied with the outcome.
Weird Error with the Microsoft.Graph SDK Module version 1.13.0
Hi all, I cannot get the Microsoft.Graph SDK PowerShell module to work, especially the User module. When running the module within VSCode, when using the get-mgbetauser cmdlet I get an error stating that the module can't be loaded twice. When running the get-mguser cmdlet I get an error stating that object is not instantiated. Anyone got any ideas?
PowerShell V 7.4.1
Microsoft.Graph version 1.13.0
Any help would be appreciated. I can supply screenshots and error grabs. I am seeing the following error in the PowerShellCore\Operational log:
Error Message = Assembly with same name is already loaded
Fully Qualified Error ID = System.IO.FileLoadException,Microsoft.PowerShell.Commands.ImportModuleCommand
Context:
Severity = Warning
Host Name = Visual Studio Code Host
Host Version = 2024.0.0
Host ID = 578c2112-e422-40bc-a34b-1fc646c895e9
Host Application = C:\Program Files\PowerShell\7\pwsh.dll -NoProfile -ExecutionPolicy Bypass -Command Import-Module 'c:\Users\PeterJoLocal\.vscode\extensions\ms-vscode.powershell-2024.0.0\modules\PowerShellEditorServices\PowerShellEditorServices.psd1'; Start-EditorServices -HostName 'Visual Studio Code Host' -HostProfileId 'Microsoft.VSCode' -HostVersion '2024.0.0' -AdditionalModules @('PowerShellEditorServices.VSCode') -BundledModulesPath 'c:\Users\PeterJoLocal\.vscode\extensions\ms-vscode.powershell-2024.0.0\modules' -EnableConsoleRepl -StartupBanner "PowerShell Extension v2024.0.0
Solved
Azure AD B2C Tenant documentation tools
Hi Community, has anyone in the community come across a toolset or utility to document and audit an Azure AD B2C environment in terms of app registrations, user flows and experience frameworks and how they are all tied together? I've been requested to generate an audit/configuration report for an Azure AD B2C environment and any assistance or guidance would be appreciated.
618 Views, 0 likes, 0 Comments
EntraID User creation and sync back to ADDS
Hi everyone, I've been asked to inquire about the roadmap for this feature or if one even exists. I know the feature was removed from AADConnect sometime in 2015. Are there any plans to revive it? If not, is this something that is being addressed/dealt with by the new API based provisioning system and User lifecycle flows? Any guidance would be greatly appreciated.
MDI Auditing and configuration check
Hi all, is there any utility or PowerShell script which verifies that all the required auditing settings for MDI have been set up? I'm troubleshooting/evaluating an MDI deployment and I'm seeing differentials between AD and the MDI logs. As an example, I have user objects created in the last 30 days but zero events indicating such in the IdentityEvents table. Of course this could just be me being dense. I don't have access to either the legacy portal or the configuration settings in the new portal. Anyone got any ideas?
3.7K Views, 0 likes, 2 Comments
Re: Configuration ADFS shows - Time out has expired and the operation has not been completed
Are you using the AADConnect wizard to try this or the ADFS configuration wizard? I've seen something similar when the ADFS server has not been able to reach the Office 365 RPT trust endpoint or the AADConnect box doesn't have access to the internet either. Also, are you providing the ADFS server name or the farm name?
4.5K Views, 0 likes, 3 Comments
Re: Azure AD Dynamic Security Groups
It would really be useful. The other feature that would be cool is the ability to create dynamic user security groups based on the on-premises DistinguishedName attribute of a user when they are synced to AzureAD. The weird thing is you can do this based on the onPremisesSecurityIdentifier attribute but not the DN... Well, you couldn't do it the last time I checked. 😀
7.4K Views, 1 like, 1 Comment
Dynamic Security Groups based on the onpremisesDistinguishedName attribute
Hi to the community. Got an interesting question. I see that you can create dynamic security groups based on a large number of attributes including onpremisessecurityidentifier. I can see some use cases for that one 🙂 However, it doesn't appear to be possible to create a dynamic group based on the onpremisesdistinguishedname 😞 Is this possible? I did some reading about being able to consume custom attributes based on applicationID. Would this be a possible approach to investigate? If so, does the AADConnect system even register an AppID and how would I go about locating it? Thanks for any advice or pointers.
Azure AD Cloud sync and exchange
Hi all, I have a customer who's moved all of his mailboxes to EOP. AADConnect is still set to enable Hybrid Exchange mode. Since he is only using the Exchange server to mailbox-enable users and create Distribution groups etc., what would the impact be of disabling Hybrid mode and converting him over to cloud sync rather than AADConnect? Would they still need an Exchange server on premises to manage the Exchange attributes of the users or can that now be done in O365?
1.5K Views, 0 likes, 2 Comments
Excel Onedrive and linked documents
Hi experts, I have a customer with a group of users, finance department naturally, who have loads of Excel workbooks with embedded links to other Excel workbooks on the same workstation. When these files get synced via the OneDrive app to OneDrive, the links get completely broken because of course the absolute filenames have now changed from, say, c:\users\xyz\documents to c:\users\xyz\onedrive - tenant\documents. Does anyone have any insights or knowledge of a way to configure the OneDrive sync app not to change the file paths to prevent this from happening, or is there an Excel setting that will automatically update the links, or perhaps a utility to find these links and update them?
636 Views, 0 likes, 0 Comments