GSA - Web content filtering - Custom blocked page
Hello everyone, I have a quick question. I just tested the 'Web Content Filtering' of Global Secure Access. However, in Microsoft's documentation, two processes are mentioned for displaying blocked sites (related to HTTP and HTTPS). I wanted to know if it is possible to create a custom page (for example, adding the company logo, indicating the reason for blocking such as the associated web category, etc.). I tried to search, but no documentation related to this is available (or at least I couldn't find it). Thanks in advance for the help!
Lighthouse - viewing CA configuration at-a-glance
Hi, first off - apologies if I'm in the wrong space. I really do not understand the community hub structure, and there doesn't seem to be one for lighthouse. recently came across our 2nd tenant this year that did not have any CA policies set. Assuming this was just overlooked during P1 purchasing or something. Is there a way to view CA status within Lighthouse for all tenants? We do not have the full granular admin setup - our customers are sub-tenants but only just. We have domain admins for each, but our personal accounts do not have Security Admin roles on them. Saying this because it locks me out of some Lighthouse features. But trying to find a way to check this easily. Thanks
Enable MFA method
Dear, Currently in our company, the authentication methods policy > Microsoft Authenticator defaults to “any”. Either “passwordless” or “Push”. It is possible to enable the following authentication method through a conditional access policy, currently it is enabled for some users. Desired authentication method: The current method is as follows: Can it be enabled for professional accounts or is it only focused on personal accounts? Thanks in advance.
Registered App > Grant Permission to OneDrive?
Hello everyone, I'm trying to connect an automation platform (N8N) to our OneDrive. What I did: registered an app create a secret for it gave n8n the client id and secret value gave the app various api permissions (i.e. files.readwrite.all) created an app role (users & apps) added myself as an owner Error I'm running into: "Forbidden - perhaps check your credentials? You do not have access to create this personal site or you do not have a valid license." I know that I have all the needed permissions, because in another automation platform which is more hands-off (Make.com), everything works fine. Unfortunately, I need it in N8N, which requires more setup. My question: What permissions do I need to give the registered app? Did I miss a step in the grand scheme of things? Thanks a lot in advance!! TomAPI-driven provisioning to on-premises Active Directory mapping of the manager not working anymore
Hello Guys, I have a problem with the provisioning service of the above enterprise application. The whole time it was working fine until yesterday when I changed an attribute mapping (not the manager mapping) and now the manager is not sync because he can't lookup the manager, with every user even though the all worked before. Error: UnableToResolveReferenceAttributeValue Someone have an Idea or the same problem?Conditional Access falsely detects logins from Android as Linux (and blocks them)
Hi everyone, we're facing an issue which we can't solve correctly: Scenario: Users are accessing M365 Content from Windows, iOS and Android Devices. Conditional Access is configured to block Logins from "unknown platforms", so only Win, iOS and Android are allowed. Issue: Some users experience weird issues: They're using an app with m365 SSO. The App opens up the Edge Browser for handling the login-flow. Afterwards the login fails. As i can see in the Entra SIgn-in Logs the user-agent is linux. (Therefore it gets blocked correctly) A few minutes before the same user, with the same mobile phone, with the same app access isn't blocked, because the login was recognized correctly as android. Currently i don't have any ideas and i was hoping some of you have great ideas. 🙂 (Adjusting the Conditional Access Policy to allow linux isn't an option, of course.) Regards, Patrick
Limitations on Modifying Enterprise Applications in Azure AD
Hi All, I'm curious about the limitations on modifying Enterprise Applications in Azure AD. Specifically, are there any restrictions on how frequently we can make changes to attributes, ACS, or reply URLs? I understand that modifying these settings can impact user access, but I'm concerned about potential rate limits or other restrictions that might prevent frequent updates. Any insights or best practices for managing these changes would be greatly appreciated. Post Script We don't have a dedicated QA environment, so understanding these limitations will help us plan our changes carefully.
Issue: Invitations from SharePoint and Teams Redirect to Incorrect Page
I hope you're doing well! I’m reaching out to seek some guidance regarding an issue we’ve encountered with guest invitations in SharePoint and Teams. When we send invitations to guests from SharePoint and Teams, they are redirected to the Entra ID "My Applications" page instead of directly to SharePoint or Teams. We do not want guests to be redirected to the "My Applications" page in the directory but rather directly to the respective service/application. Is this a configuration setting, and if so, where can this be adjusted? I have been unable to locate such a setting in Entra ID. Another notable issue is that invitations take 1 to 2 hours to reach the invited guest. Thank you in advance for your assistance.
Microsoft Entra Hybrid Join Issue Despite Setting Up All Essentials
I’m facing an issue where my client computer is unable to join Hybrid Azure AD, even though I’ve already set up all the essential steps, I downloaded that Microsoft Entra Connect Sync tool from the official site and did all the necessary steps. including configuring the SCP (Service Connection Point). Our main server is in New York, and our branch office is in Asia region, I want to have Microsoft Entra Hybrid Joined to all of my office PC in order to apply some conditional access policies. Despite these setups, the device fails at the discovery phase, and I can’t figure out what’s missing. This is what it says when I try to manually add the client PC TenantInfo::Discover: Failed reading registration data from AD. Defaulting to autojoin disabled 0x800706ba DsrCmdJoinHelper::Join: TenantInfo::Discover failed with error code 0x801c001d. Has anyone encountered a similar issue? Any guidance or troubleshooting tips would be greatly appreciated. Thanks!
