Questions tagged [entra-id]
Microsoft Entra ID, formerly known as Azure Active Directory, is a cloud-based platform for handling identity and access management, identity lifecycle, and identity governance workflows.
628
questions
16
votes
7
answers
25k
views
Difference between an Azure AD "directory" and an Azure AD "tenant"?
Hopefully this is a quick answer: I'm starting some work with Azure AD and a term I'm seeing over and over is an Azure AD "tenant". It seems to be synonymous and used interchangeably with an ...
14
votes
2
answers
25k
views
Azure backup vs Snapshots
I'm an azure newbie and just trying to understand Azure better. My questions are specific to backing up Linux VMs in Azure. Please help me in understanding it better.
I read that Azure backup takes ...
12
votes
3
answers
9k
views
Why should you not restore a DC that was backed up 6 months ago?
Why should you not restore a DC that was backed up 6 months ago?
As I am learning Active Directory Domain Services I came across this question in one of the blogs but I was unable to find a detailed ...
9
votes
2
answers
24k
views
Using Azure AD to push Group Policy settings
I am trying to use Azure Active Directory instead of using a traditional domain controller.
I would like to use Azure AD to authenticate users and to push GPO settings, such as folder redirection, ...
9
votes
1
answer
2k
views
Azure AD Connect Password Sync
Windows 2012 R2, fully updated/activated
Roles: ADDS, ADFS
Installed Azure AD Connect latest version (only software installed other than updates)
Other applicable services: Office 365 (Business ...
6
votes
3
answers
37k
views
How do I disconnect from Connect-MsolService in PowerShell
I have used below command to initiates a connection to Azure Active Directory in Power Shell.
Connect-MsolService
I have completed required operations, But how do I disconnect? Do I wait till ...
6
votes
1
answer
4k
views
Is there a way to programatically determine whether a Windows computer is AAD joined as SYSTEM?
I would like to be able to determine via script whether a given Windows workstation is AAD joined, Hybrid AD joined, or on-prem AD joined.
I would like to run this script from the RMM I'm using so I ...
6
votes
2
answers
27k
views
azure cli not able login using command line option
When I try to login using azure cli by providing username and password. I get error
az login -u [email protected] -p plaintextpassword
The user name might be invalid. For cross-check, try 'az ...
6
votes
1
answer
3k
views
Bulk License Office 365 Users by OU with PowerShell
I'm trying to do something that I don't think should be too complicated of a fix. My end goal: I have certain users in one AD OU that need to use a certain license in Office 365, and different users ...
6
votes
1
answer
12k
views
Use Azure Active Directory as RADIUS server for VPN gateway?
I'm using Azure Active Directory (Premium, with full MFA). I've set up a VPN gateway and would like users to be able to authenticate to it using their Azure AD username and password (instead of ...
6
votes
1
answer
16k
views
The specified module 'MSOnline' was not loaded because no valid module file was found in any module directory
For one of my applications I have a Windows service (on Windows Server 2012 R2 x64) which role is to execute many jobs on differents schedules and triggers. One of them is to reset a user password on ...
5
votes
2
answers
4k
views
Is there a way to remove my account from an Azure Active Directory?
A while ago I was added to an Azure Active Directory that was managed by someone else, but I no longer have access to any of the subscriptions or resources that belong to the AAD. Is there any way ...
5
votes
1
answer
6k
views
Azure ARM Templates for deleting the resources
I know we can create infrastructure using ARM templates. Can we do the same for deleting the Resources. I dont want to delete all the entire resource group but few resources in a resource group. Is ...
5
votes
2
answers
5k
views
Azure AD SAML2 SSO wrong NameID format
I am trying to integrate a SaaS application with an autonomous (not federated with anything) Azure Active Directory for SSO purposes. The SaaS application (the Service Provider) is SAML2 compliant (SP-...
5
votes
5
answers
5k
views
Cannot add verified publisher MPN ID to Azure multi-tenant app
To allow the users of our platform to sign in using their Microsoft account, we've created an app in our Azure Active Directory as per the documentation. I configured everything appropriately, until ...
5
votes
0
answers
6k
views
Local username Windows 10 Azure AD Microsoft 365
Is it possible to change the local username (C:\Users\xxx) on a AAD joined Windows 10 computer?
Long version:
Setup & Info: Windows 10 Business, Azure AD joined computer. Cloud only with "...
4
votes
3
answers
23k
views
Azure AD Connect change sync key userprincipalname to mail attribute
What is the recommended way to change the sync attribute from userPrincipalName to mail eg
You only get this option when you FIRST install AD connect
As far as I can tell, its disable sync, remove ...
4
votes
1
answer
693
views
How to simulate external azure active directory / create testing environment?
We regularly face the situation where access to internal applications (e.g. PowerBI) by external users (guest users in our AAD) need to be troubleshooted (errors in application specific configs). ...
4
votes
2
answers
14k
views
AADSTS50107: Requested federation realm object does not exist, when integrating Okta as an IdP for AAD
I'm trying to set up AAD with Okta, and find that when users visit the App Embed link and it posts their SAML response to https://login.microsoftonline.com/login.srf, they get an unhelpful error:
...
4
votes
1
answer
239
views
Azure AD connect custom install
I am trying to install Azure AD connect to sync the on-premise AD with Azure. I thought the whole process would be simple enough. However, I am facing strange issue. I have created service account, ...
4
votes
1
answer
11k
views
Azure Active Directory account auto-expiration
I need to set some user accounts in AAD to expire in some time. For example, students in the university should not be allowed to access class sharepoint site after graduation (4 years). Is their some ...
4
votes
3
answers
3k
views
Azure AD Guest User Type
Is there any way to tell whether a invited guest user is using either of the below to authenticate.
Microsoft Account (Personal Account)
or
Organisational Account (Work or School Account)
Account ...
4
votes
2
answers
28k
views
Windows 10 AAD Azure ad domain joined & SMB share
I have a number of Windows 10 clients domain joined to azure ad, I still have a local Windows 2012 r2 server onsite with a number of shares i wish to map to from the windows 10 clients. Bu if I try ...
4
votes
1
answer
1k
views
Azure AD migrating from cloud to on-premises
Has anyone migrated a fully developed Azure AD to on-premises DCs?
I work at a small tech start-up that grown. We have been using Azure AD for years with O365, security groups, enterprise apps, etc. ...
4
votes
1
answer
9k
views
Windows 2016 Server on site domain join with Azure AD
My company has their entire user/group architecture in the cloud using Azure. We recently purchased a Windows 2016 Server machine and I have been asked to set it up so that we can use our Azure ...
4
votes
1
answer
8k
views
Merging Office 365 users with AD DS?
We have just started to deploy a Hybrid Office 365 Solution and we already had some users who signed up to Office 365 themselves, before we had full access to the domain and enabled DirSync. This has ...
4
votes
1
answer
862
views
How can I design conditional access policies for geofencing that allow single user country exceptions?
In AzureAD, I have a global conditional access policy (cap) that prevents users from accessing their accounts from non approved countries (I do realize this is not an accurate/reliable means of ...
4
votes
4
answers
42k
views
How to mail-enable an existing Azure AD security group?
In a cloud-only Azure AD & Office 365 setup (in other words, no AD DS and no ADConnect), I have several security groups with assigned membership. I would like to mail-enable these.
The users who ...
4
votes
2
answers
5k
views
How does one map a drive on a Windows 10 device managed by Intune?
I'm trying to setup some basic group policy settings with Microsoft Intune. We have Windows 10 Enterprise installed on all our devices and they are Azure AD joined. To start I wanted to map a network ...
4
votes
2
answers
3k
views
Moving computer to new domain with same users
We currently have an Active Directory setup which was synced to our Azure AD. We are trying to migrate that to use Azure AD Directory Services which provide the domain controllers in the cloud.
I did ...
4
votes
1
answer
2k
views
Connecting AWS AD to Azure AD
We are looking in starting to use AD in our office, the setup would be:
On premise AD server for work stations
Azure AD to support Office 365
AWS AD to support AD on our servers
Connecting on ...
4
votes
1
answer
4k
views
AADSTS650052: The app needs access to a service (\"http://rts.powerapps.com\")
I'm trying to debug a RapidCMS site locally. I use AAD to authenticate the user against my domain. For no apparent reason I am now receiving this error when launching my app:
Microsoft
Sign in
...
4
votes
1
answer
982
views
What happens to Teams chats/discussion when an AD user is deleted and re-added?
I am experiencing mailbox issues with a user account in Office 365. My users are sync'd from my on-premise Active Directory using the Azure AD Connect application. I think I can resolve the issue by:
...
3
votes
3
answers
26k
views
In Azure AD, is it possible to change the owner of a Windows 10 device?
In Azure AD, is it possible to change the owner of a device, if so, how?
3
votes
3
answers
3k
views
Consolidating Office 365, AAD and Azure Subscription
my current situation is as follows:
We are running an Azure subscription that was set up with a PERSONAL Windows Live account, but the account has been set up using an email address from our actual ...
3
votes
2
answers
11k
views
Add properties to Azure Active Directory User "Work Info" tab
Within Azure Active Directory, if I create a new Active Directory and begin to manually add users, I have visibility of a number of fields:
However, there are way more tabs/fields on the server ...
3
votes
2
answers
4k
views
Office 365 with Azure AD - can I allow SSO for another 3rd party SAML app externally?
I'm shooting a little blind here in that I'm not an Azure expert and don't really mess with it yet beyond O365 and DirSync.
We have a 3rd party app written in Ruby on Rails that they are saying is ...
3
votes
2
answers
2k
views
Office 365 SSO with different internal and external domain names
I'm trying to get SSO to work with Office 365 and Sharepoint online and I'm getting really confused. My internal domain is "internal.com" and my external name is "external.com". external.com is added ...
3
votes
1
answer
306
views
Configuring passwordless authentication in Microsoft Entra ID
I've been working with conditional policies to lab up scenarios for deploying passwordless authentication and have been unable to figure out the best approach for new users.
If you create a policy for ...
3
votes
1
answer
4k
views
How can I authorize a MS365 user for remote desktop connections to an Azure-AD joined Windows 10 PC?
I'm in charge of a small Windows work group with a handful of computers. We later introduced MS 365 Business and users could log in using their MS 365 credentials, which I guess makes the computer ...
3
votes
1
answer
232
views
Active Directory ADSync error with non-existent account
I have a weird ADSync error stating that my local active directory contains two objects with the same ProxyAddress property. One of accounts is [email protected] (which is correct) and the second is ...
3
votes
1
answer
749
views
Accidentally changed UPN of Directory sync service account on Office 365
Over the weekend, I successfully got our AD to sync with Azure AD and Office 365. Things were going great, but for some reason the accounts that it synced defaulted to a @ourorganization.onmicrosoft....
3
votes
1
answer
112
views
How To Fix an Azure-Only Active Directory Environment
I just recently started my first job in IT and have been tasked with deploying 60 new laptops right off the bat. I have set up WSUS on our server as the first order of business, but there is a problem ...
3
votes
2
answers
5k
views
Is it possible to rename a Windows 10 device when using Autopilot to join it to the domain and Intune management?
Realizing that naming a PC is old school, I would still like to know if it is possible to rename a Windows 10 device either as part of the AutoPilot process or later through Intune.
Another ...
3
votes
2
answers
129
views
Is there a way to manage all the subscriptions under an organization in Azure?
Is there any way to manage all the azure subscriptions of an organization as a global administrator or do I need to be added as a co-admin to each individual subscription?
3
votes
2
answers
8k
views
Azure AD Joined Windows 10 Workstations | Time Sync?
I'm looking in to understanding how Time Sync works with a Win 10 Azure AD Joined laptop/workstation. Looking at my laptop, I noticed that Windows Time is not started and set to manual. Starting it ...
3
votes
1
answer
4k
views
Alert if a user is added to Global Admin in Azure AD
We are looking to set up a solution to monitor primarily the Global Admin role in Azure AD, so if a user is added to or removed from the role an e-mail is sent to a specific mailbox.
On our local AD ...
3
votes
1
answer
5k
views
OneNote: Allow my organization to manage my device
I joined an external Teams account as a guest. I opened one of the OneNote notebooks and now I'm seeing the following:
Use this account everywhere on your device
Windows will remember your ...
3
votes
1
answer
2k
views
Azure Portal's App Registration shows "Network error" when updating an app
I'm not able to update my Application Registration in Azure Portal. I consistently get "Network error: There is an issue establishing a connection to the service" :
Error screenshot
I am able to ...
3
votes
2
answers
16k
views
AADSTS90019 when attempting automatic Azure AD registration of domain-joined Windows 10 device
I am attempting to set up automatic AAD join for Windows 10 as described here: https://azure.microsoft.com/en-gb/documentation/articles/active-directory-conditional-access-automatic-device-...