Microsoft Entra (Azure AD)

Hello experts,   today, a user contacted me that she cannot access M365 and asked to unlock her account. 1st thing I've checked were her log-ins in MS Entra and…

Hi, We have a web app that used EntraID for OIDC. We use the web browser to loginto the web app , gets redirected to the EntraID authentication page and…

I’m thrilled to announce the public preview of advanced certificate-based authentication (CBA) options in Conditional Access, which provides the ability to allow access to specific resources based on the certificate…

HI everyone   I've been asked to inquire about the roadmap for ths feature or if one even exists. I know the feature was removed from AADConnect sometime in 2015.…

Hello-   I had a user MS credentials used to login remotely.   Account is stable now but as I go through logs for the time, I believe the user gave…

Many moons ago, I dabbled with a tenant for my domain. Had forgotten all about it until I got the prompt to choose between 'Work or School' and 'Personal' account.…

Hi,   I'm looking to customize the KMSI (Keep Me Signed In) checkbox user interaction on the Local Account sign-in flow using a custom policy.  Does AD B2C allow for…

We are attempting to grant access to the external collaboration settings in Entra to facilitate adding and removing domains. We've gone over all the documentation and tried every single role…

Hello everyone, I have a problem and need help with the solution. We invite external people as guests to our Azure AD or Entra ID so that they can actively…

Hi Are having a new issue, have set up CTS with this tenant before, and now gets issue with "SkipReason "AlreadySoftDeleteEntry" as reason, and gets message: "The user [user] is…

Hello All,   I keep coming across entries in our Azure Audit Logs off the Entra ID portal showing that existing applications in our environment are creating events showing that…

This blog revisits the top features delivered in Microsoft Entra over the last calendar year. We served thousands of customers to verify all types of identities and secure, manage, and…

Hey!   I have been deploying access packages in my organisation for the past 14months. The questions and answers section is very useful and combined with custom extensions can automate…

Hi,   Very odd one today, a user just contacted me as they just had to reset their password.  When they were prompted with the methods to verify identity they…

We've created a new Enterprise Application in our Entra ID (cloud) for connecting to a third-party SaaS solution. Part of their requirements is that we need to supply a claim…

Hello, I see that there is an option to have a custom sign-in page for a free version of AzureAD / Entra Id.Microsoft Entra Plans and Pricing | Microsoft Security…

Hello, while investigating risky users we can across an alert where the 1st login location is shown as "CL" , can someone help with what CL might refer to in…

There’s a plethora of data connectors for Microsoft Sentinel, from Microsoft and Azure services to third party sources and custom logs. This data is only as good as the analytical…

Hello there! In our Azure environment, we collaborate with multiple companies that want to use our services (B2B). Our services use RBAC synchronized with security groups in MS Entra. Each…

Hi all,   I have recently successfully set up AAD B2C with a SAML application, and all is working fine.   However, B2C sends the user's object ID back to…

Hi,   When I use AzureAD PowerShell module, I see my own user location under the attribute "PhysicalDeliveryOfficeName". However, when I use the MS Graph module, it's listed under "OfficeLocation".…

I have Entra Connect Cloud Sync set up on one of our DC's.  Entra reports the agent as healthy, and it has no problems syncing users from the OU I…

Hi,   I have a 3rd party vendor who has an app registered in their tenant and their setup process creates an enterprise app in my tenant. It's how the…

Hello,   I need to ask about the buffer size and time of the azure monitor agent when it's installed in Linux machine to work as Log collector agent for…

By Timur Engin   One of the best practices for securing your organization's data is to follow the principle of least privilege, which means granting users the minimum level of permissions…

Are you requiring your admin users to work from managed and compliant devices? Then how do you deal with external admin users working from their own devices? Do you exclude…

Trying to clean up our environment of unnecessarily synced objects. Of course, I want to sync users with e-mail, security groups, contacts, and so forth. However, the following top-level domain…

Apps, Microsoft Authenticator, Access Management, Passwordless, Log Analytics, Azure

When using Microsoft Entra free, an admin user has the ability to create Custom Security attributes with the "Attribute Definition Administrator" role. However, they cannot assign (or even see in…

Stolen authentication artifacts – tokens and cookies – can be used to impersonate the victim and gain access to everything the victim had access to. Up until a few years…

Hi In our organisation we are using Windows 10 hybrid-joined laptop devices and Apple iPhone devices. All are "managed" devices (being Intune enrolled). Over the past 6 - 9  months…

Understanding how permissions work is important to security and I can say this aspect has confused me since starting to work in Azure AD. Take this example, I have an…

Got an SPA App and Api I'm using MSAL for authentication. The endusers come from a limited set, but not a singular, tenant.Since for the application authentication I can only…

Hi All,   I am interested to test the Entra ID private access, but when I go to the connectors, it shows as "Private Network is currently disabled for your…

Hoping someone can assist with this. I started Azure AD Connect sync and now one of our users is having issues. She reached out letting me know her office had…

Hello,  I'm trying to sync some groups from a tenant to another, but the log return this error: Result   Skipped Description Group '31d81b35-5725-40f5-9242-02a100363959' will be skipped. EntityTypeNotSupported SkipReason  EntityTypeNotSupported ReportableIdentifier 31d81b35-5725-40f5-9242-02a100363959   This…

Today, I’m excited to share with you several new developments in the journey towards phishing-resistant authentication for all users!  This isn’t just essential for compliance with Executive Order 14028 on Improving the…

Microsoft Entra Permissions Management is a Cloud Infrastructure Entitlement Management (CIEM) solution that helps organizations manage the permissions of any identity across organizations’ multicloud infrastructure. With Permissions Management, organizations can…

Hi, I have configured tenant synchronization setup and everything is working fine. except when I delete a User from the source tenant, it doesn't delete from the target tenant. Is…

Hi. I am trying to implement the log-in function in Power App. The user should be able to create their own account through Power App and log-in again next time…

At Ignite 2022, we announced the general availability of Microsoft Entra certificate-based authentication (CBA) as part of Microsoft’s commitment to Executive Order 14028, Improving the Nation’s Cybersecurity. Based on our experience…

I notice the user audit logs in Azure AD do not seem to log OAuth-related activities such as issuing and renewing a token. Is there a way to see that?…

Is it commonplace, or even a formal Microsoft recommendation ,to not have any of your IT support admin accounts as permanent members of the global admins role in AAD? And…

Am trying to create group with dynamic user membership using attribute "Employee Type", tried to get details from Extension attribute but didnt find any option, Did anyone tried this and…

What is the default time period for this policy in Conditional access policy for Idle Session timeout" policy as I was looking for way to create this policy for unmanaged…

Hello everyone, guys I have the following scenario.   Domain A with Adconnect synchronizing users with Tenant.The need came to migrate users to a new B domain. This new domain…

Hi,   since couple of days ago we dont have the possiblity for a users to add a MS Auth. App from the drop down list. This is MS's doing,…

Hello all!   Newbie (and very green/stupid) but we're coming over to MS 365. Here's a problem.    I just connected my Surface to the new tenant but it's not…

Hello Guys,I have been trying to wrap my head around this Conditional Access policy.I want a policy that is requiring Compliant or Hybrid-Joined device.My settings:Users: All users (excluded: guests and…

Hello Guys,I have been trying to wrap my head around this Conditional Access policy.I want a policy that is requiring Compliant or Hybrid-Joined device.My settings:Users: All users (excluded: guests and…