Azure AD Domain Services
25 Topics

Enable MFA method
Dear,

Currently in our company, the authentication methods policy > Microsoft Authenticator defaults to “any”. Either “passwordless” or “Push”. It is possible to enable the following authentication method through a conditional access policy, currently it is enabled for some users.

Desired authentication method:

The current method is as follows:

Can it be enabled for professional accounts or is it only focused on personal accounts? Thanks in advance.

62 Views, 0 likes, 1 Comment

Cloud only Entra ID Domain Services and Seamless SSO from Entra ID Joined machines
Hello, I am currently implementing Entra ID Domain Services with one customer (he has no on-premises Active Directory). We now face the issue that an Entra ID joined client is not able to access resources on machines that are joined to Entra ID Domain Services without entering his username and password. The authentication fails with an incorrect username and password (event id 200) message, and the Security-Kerberos event log reports that it was not able to contact a domain controller for the AzureAd Domain (so he is not using the domain name of the target domain).

However, has someone already tried this, and is there something I am overlooking, or is that something that simply cannot work? Thank you very much in advance for any ideas.

1.1K Views, 0 likes, 7 Comments

Entra ID Connect Sync - Issue Updating the SQL 2019 Local DB
Hello,

Does anyone know how to patch/update the SQL Server 2019 LocalDB utilised by Microsoft AD Connect / Entra Connect? We have identified vulnerabilities on the version of SQL 2019 LocalDB used by Microsoft Entra Connect.

The trace file in C:\ProgramData\AADConnect shows the following version:

    Package=Microsoft SQL Server 2019 LocalDB , version=15.0.4138.2 (CU11)

We are attempting to update this local database to version 15.0.4415.2 (CU30), using the following package: https://www.microsoft.com/en-us/download/details.aspx?id=100809

However, when we run the package it cannot identify the SQL Server 2019 LocalDB server instance. There is a message stating:

"The version of SQL Server instance Shared Component does not match the version expected by the SQL Server update. The installed SQL Server product version is 11.4.7001.0, and the expected SQL Server version is 15.0.2000.5"

The version it references is SQL Server 2012, however the logs show the database as SQL 2019 and the database instance name within the Entra Connect / AD Connect agent includes 2019.

I have attempted leaving the service running, manually starting the database instance, running as admin, and running the package via command prompt targeting the instance.

Any insight would be greatly appreciated. Many thanks.

62 Views, 0 likes, 0 Comments

User and Permissions Management Issues in Microsoft Entra ID (Assigned Roles)
Hello everyone,

I’m encountering some challenges with user and permission management in Microsoft Entra ID. Here are the main issues I'm facing:

Revoking Local Administrator Permissions: After removing a user from the Local Device Administrator group in Microsoft Entra, the device continues to recognize the user as an administrator, even after multiple synchronization attempts. What’s the recommended procedure to force a permissions update on the associated devices?

Device Join Issue via PowerShell: I'm trying to join a device to Microsoft Entra ID using PowerShell with the command dsregcmd /join to force a policy update, but I'm encountering the following error: Error 0x80041326: "Failed to schedule Join Task. Error: 0x80041326." Does anyone know how to resolve this issue or have suggestions for an alternative approach to join the device or enforce the policy? I’ve checked permissions and task scheduling services, but the problem persists.

Has anyone experienced similar issues or have suggestions on how to address these challenges? Any advice would be greatly appreciated! Thanks so much in advance!

1.5K Views, 0 likes, 1 Comment

No Application access policy found for graph API in MS Teams Virtual Integration
Hello,

I’ve encountered an issue while integrating Microsoft Teams Virtual Events using Microsoft Graph API and would appreciate any guidance on how to resolve it.

Here’s the setup:

I have registered an application in Microsoft Entra ID. The app is granted application-level permissions:

1. VirtualEvent.Read.All
2. VirtualEventRegistration-Anon.ReadWrite.All

I’ve set up an OAuth flow for users to authenticate with their Microsoft accounts and approve these permissions. After authentication, the user is redirected back to our app, where we fetch an application access token.

The issue:

We receive an access token successfully. The Entra ID dashboard shows that the app has the required permissions. However, when using the Graph API to access virtual events (Teams webinars), I receive the following error:

    GET: https://graph.microsoft.com/beta/solutions/virtualEvents/webinars/:id

    Response:
    {
      "error": {
        "code": "General",
        "message": "No application access policy found for the app (707b5896-7828-4010-834e-74d3201a3137) on the user (7f27a9fb-af1a-4d36-a102-3a9591e6aaf9).",
        "innerError": {
          "request-id": "00af9b4e-043c-4f93-8a02-a5ee14e7d29c",
          "date": "2024-10-02T09:10:26",
          "client-request-id": "00af9b4e-043c-4f93-8a02-a5ee14e7d29c"
        }
      }
    }

My question:

What does this error mean? Could this issue be related to any additional application access policies that need to be set up for Microsoft Teams or Exchange? How should I go about troubleshooting or resolving this issue?

Any help or pointers would be much appreciated! Thank you!

163 Views, 0 likes, 0 Comments

No Application Access Policy Found for Graph API in MS Teams Virtual Events Integration
Hello Microsoft Community,

I’ve encountered an issue while integrating Microsoft Teams Virtual Events using Microsoft Graph API and would appreciate any guidance on how to resolve it.

Here’s the setup:

I have registered an application in Microsoft Entra ID. The app is set up with application-level permissions:

VirtualEvent.Read.All
VirtualEventRegistration-Anon.ReadWrite.All

I’ve configured an OAuth flow for users to authenticate with their Microsoft accounts and grant these permissions. After authentication, the user is redirected to our app, where we successfully fetch an application access token. The app is registered as a multi-tenant application.

The issue:

We are using application permissions and receiving an access token correctly. The Entra ID dashboard shows that the app has been granted the required permissions. However, when using the Graph API to access virtual events (Teams webinars), I get the following error:

    GET: https://graph.microsoft.com/beta/solutions/virtualEvents/webinars/:id

    Response:
    {
      "error": {
        "code": "General",
        "message": "No application access policy found for the app (707b5896-7828-4010-834e-74d3201a3137) on the user (7f27a9fb-af1a-4d36-a102-3a9591e6aaf9).",
        "innerError": {
          "request-id": "00af9b4e-043c-4f93-8a02-a5ee14e7d29c",
          "date": "2024-10-02T09:10:26",
          "client-request-id": "00af9b4e-043c-4f93-8a02-a5ee14e7d29c"
        }
      }
    }

Additional Details:

The app is meant to access data related to Microsoft 365 services (especially Teams). We are using application permissions and not delegated permissions. The app needs to work across multiple tenants.

My question:

Do I need to configure additional application access policies for Microsoft Teams or Exchange Online to allow this app to access Teams-related data? Should I use Exchange PowerShell to create this policy, given the data is related to Microsoft 365 services (like Teams webinars)? Is there anything else I should verify for multi-tenant application permissions?

Any insights or troubleshooting guidance would be much appreciated! Thank you!

188 Views, 0 likes, 0 Comments

JoinNotFound
I have seen a post on here with the same error but it didn't seem to help me so rather than hijack the thread I'd ask again. More specifically, I don't understand which attribute it's trying to match on and how to set/check that.

I get this when doing a provision on demand:

"No action required. User '....' is not a newly discovered entry to be provisioned in the target application, nor one with an update that should flow to a target entry with which it was previously matched." Skipreason: JoinNotFound.

I'll go through the documents again on Microsoft Learn in case I've missed something but if anyone has any pointers I'd be most grateful.

TIA
Andrew

374 Views, 0 likes, 0 Comments

Move From Duo SSO to Azure Entra ID MFA (synched from ADDS on-prem)
Hello,

I have Duo set up to MFA users for RD gateway for remote connections from outside to an on-prem gateway server, RD web, and several SaaS apps that integrate with SAML, including our Microsoft 365 user logins to Duo SSO. We have ADDS on-prem and sync users up to Azure through AD Connect.

I am trying to find clear answers on how to cut back over from Duo SSO to start using Azure's MFA solution. Do we cut over one thing at a time or do all cut over because all our users authenticate with our on-prem AD synched up to Azure already? I understand we use conditional access policies, but I don't know how to cut over to Azure MFA from Duo. Microsoft Learn documents talk about how great it is but never provide actual steps so that users begin to MFA with Azure (Duo uses a PowerShell script and also provides secret/integration keys, for example).

I am hoping someone has gone through the process that could point in the right direction to get us back to Azure MFA instead of using Duo SSO.

Thanks!
B

3.3K Views, 0 likes, 2 Comments

Merging two microsoft accounts
Hi,

In our current tenant we are using abc.onmicrosoft.com as the account name for all users, so all our Microsoft products (Office, Teams, etc.) need the user to log in with user(AT)abc.onmicrosoft.com.

Now we would like to use our company domain company.com, where users can then log in using user(AT)company.com.

The question is that in our company some already have their user(AT)company.com registered as a Microsoft account. So when we switch to our custom domain, what would happen to their existing individual account with user(AT)company.com? Would the two merge, or would they not have access to their old account anymore?

Thanks for clarifying.

690 Views, 0 likes, 1 Comment