Azure Active Directory (AAD)
1544 Topics

Security Info blocked by conditional access
Hello, We have a conditional access policy in place where a specific group can only access Microsoft 365 (deny all apps, except Office 365). The moment a user clicks on Security Info in My Account, the user is blocked by this policy. I can't find a way to exclude the app "My Signins" (AppId 19db86c3-b2b9-44cc-b339-36da233a3be2). Since MFA is forced for this group, they can't change their authenticator app registration. Is there a solution for this? Initial MFA setup works by the way.

UPDATE Jan 23, 2025: I contacted Microsoft support and this was their answer (in short): "MySignin is a very sensitive resource that is not available in the picker and cannot be excluded in the conditional access policy. Also, the application is calling Microsoft Graph. I understand that this is not the information you are looking to hear at this time, I would have loved to help but the application cannot be excluded from the policy."

4.8K Views, 2 likes, 14 Comments

Disabling Directory Sync for Hybrid - Overthinking?
Hi all, I am at the finish line for decommissioning On-Prem AD and moving from our Hybrid environment to managing our identities in Entra. About to cut off the Directory Sync. Weirdly couldn't find a concrete answer on this question online, but I might just be overthinking this.

**Devices are Entra enrolled + Intune Managed, NOT Domain Joined.**

User profiles that originate from On-Prem AD on the endpoints still show as DOMAIN\username. User profiles that originate from Cloud on the endpoints show as AzureAD\email address removed for privacy reasons. What happens to these On-Prem User Profiles when we disable Directory Sync? Do they change over auto-magically to "AzureAD\email address removed for privacy reasons" on the endpoints? Am I missing something here? Thanks in advance.

38 Views, 0 likes, 2 Comments

Entra ID expressions for attribute mapping
Hi All, we have the following requirement. If [StatusEndEmploymentDate] is null, or if it's greater than today's date and a city value is present, the user should move to the respective OU. If [StatusEndEmploymentDate] is less than today's date, then the user should move to the staging OU. We have tried the following query but there is no luck. We need your help to achieve the requirement.

Switch([StatusEndEmploymentDate],Switch([City],"OU=Users,DC=abc,DC=com", "Amsterdam", "OU=Users,OU=Amsterdam,DC=abc,DC=com", "Antwerp", "OU=Users,OU=Antwerp,DC=abc,DC=com", "Bengaluru", "OU=Users,OU=Bengaluru,DC=abc,DC=com", "Copenhagen", "OU=Users,OU=Copenhagen,DC=abc,DC=com"),IIF(DateDiff("d", Now(), [StatusEndEmploymentDate])>"-1",Switch([City],"OU=Users,OU=IAM,DC=abc,DC=com","Amsterdam","OU=Users,OU=Amsterdam,DC=abc,DC=com","Antwerp","OU=Users,OU=Antwerp,DC=abc,DC=com","Bengaluru","OU=Users,OU=Bengaluru,DC=abc,DC=com","Copenhagen"))

24 Views, 0 likes, 1 Comment

Enable MFA method
Dear, Currently in our company, the authentication methods policy > Microsoft Authenticator defaults to “any”. Either “passwordless” or “Push”. It is possible to enable the following authentication method through a conditional access policy, currently it is enabled for some users.

Desired authentication method:

The current method is as follows:

Can it be enabled for professional accounts or is it only focused on personal accounts? Thanks in advance.

62 Views, 0 likes, 1 Comment

Generating proxyaddresses during user provisioning
Hi All, we have a requirement to generate alias email addresses during user provisioning. We tried to use the selectunique function in the proxyaddresses generation and mapping to AD proxyaddresses, but we are not able to achieve it. Can you please help?

Thanks, shashidhar joliholi

71 Views, 1 like, 3 Comments

Entra hybrid join issue caused maybe by 2 M365 accounts
Hello to everyone, one of my colleagues has 2 Microsoft 365 accounts on his notebook when we tried to do the procedure to hybrid join his device; I suppose the other account gave us problems in the procedure; now, there is only one account, even if I can see in the event log, in the AAD log, that there is an error and 2 warnings bound to the old account. However, I tried to repeat the procedure but without any luck; what I see that is different from the other devices, if I give the cmd dsregcmd /status, is in these 2 lines:

DisplayNameUpdated : YES
OsVersionUpdated : YES

while on other devices I see:

DisplayNameUpdated : Managed by MDM
OsVersionUpdated : Managed by MDM

We all have a Microsoft 365 Business subscription, and the configuration and steps for the other devices were:

We have all devices with Entra registered user, we started with this when we had only the Microsoft 365 Basic subscription
We enrolled all devices, with group policy, in MDE when we upgraded to the business
Installed the Azure AD Connect
Users sync
Devices sync

So, in the Entra portal we have first only the entry for registered, then when we synced the devices we have a second entry with hybrid registered, and finally only one entry with the Owner, MDM and Settings fields filled with correct data; for example, when I make a hybrid join device, initially in the row I see MDE as MDM, then when the hybrid and registered compose one row I see Intune in that field. For the device that gives us problems, I see a row like this in Entra portal while in Intune

Any help is greatly appreciated.

73 Views, 0 likes, 1 Comment

Access Package Approval automation with our Servicedesk ticketing tool
Hi Team, I am trying to automate all the access package approvals to be logged in our Service desk ticketing tool. Example: When a user requests access, once an approval request triggers from Microsoft it should also log a ticket in our ticketing tool. If the request gets approved, the ticket should log this information and automatically get closed. Our ticketing tool dev team is working on it; however, they are stuck in the middle and looking to extract the necessary webhook information required for triggering actions from the Azure solution. Any input or guidance regarding webhook information supported by the Azure solution would be greatly appreciated and would assist us in progressing with the discussed requirements accordingly. Looking forward to your help to achieve this.

Thanks, Garima

28 Views, 0 likes, 1 Comment

How to Recover a Global admin account without MFA
Hi Community, I have created a Global admin account in a tenant, unfortunately I had to reset my mobile device, and the MFA codes / setup are gone. I know the password for the account though, without being able to access MFA, I'm not able to login anymore. I have no other admin accounts / Privileged accounts setup. Is there any way to recover from this situation?

76 Views, 0 likes, 1 Comment

Entra Private Access Licensing
I'm a bit stuck trying to figure out what licensing we need to get us working on BYOD devices such as iPads if we want to use the Private Access part of Global Secure Access. A few places on Microsoft's website mention that as long as we have an Entra ID P1 or P2 license and a Private Access license assigned to a user, we should be able to enrol mobile devices without any issues. However, when I try to sign into MS Defender on an iPad (tried 2 different ones), I get an error saying invalid license. One of the users I am currently testing has an Office 365 E3 license assigned as well. Where am I going wrong?

167 Views, 0 likes, 1 Comment

Introducing the Azure Roadmap
We launched the Azure Roadmap on Azure.com in June of this year and have received a tremendous response from our customers. For the first time in one place, customers can see what we are working on for future releases, see related feedback, and subscribe to updates. The Roadmap is also integrated with Azure Updates so that customers can see how we are delivering against our plans.

We are excited to start working with the Microsoft Tech Community to further reach customers. You can now find the link to the Azure Roadmap under More Resources in the community. We are always looking to improve and would love to hear from you. Please e-mail azroadmapfeedback@microsoft.com with your comments and questions. Below are FAQs to help you get started exploring the roadmap!

What is the Azure Roadmap?
The Azure roadmap provides a central place where Azure customers can see what’s new and what’s coming next for Azure.

Where is the public Azure Roadmap?
You can find it under More Resources in the community or you can go directly to https://azure.microsoft.com/en-us/roadmap/ or http://aka.ms/azureroadmap

What kind of posts can I expect on the Azure Roadmap?
The posts you will see on the Azure Roadmap are the key features and services that have launched or are coming soon. For details on incremental updates and/or improvements to features and services, please visit Azure Updates - https://azure.microsoft.com/en-us/updates/

How do I find a specific post on the Azure Roadmap?
The Azure Roadmap page provides filters (by Product Category and/or Status), tags, and search functionality to help you quickly navigate to your area of interest.

What do the different Statuses (In development, In preview, Now available) mean?
In development – updates that are currently in development and testing
In preview – preview; updates in preview that may not be available broadly and to all customers
Now available – generally available; fully released updates

How can I learn about changes in the Azure Roadmap?
You can subscribe to notifications so you’ll always be in the know.

Where can I find service availability by region?
On the right navigation menu under “Explore” there is a link to “Check product availability in your region.” You may also find this detail by visiting: https://azure.microsoft.com/en-us/regions/

69K Views, 2 likes, 2 Comments