Category: Entra ID

  • Deleting a Rogue Passkey Device

    Deleting a Rogue Passkey Device

    If you try and set up a passkey in Windows there is the possibility that if it goes wrong you will end up with an entry for a device but no passkey. I got this for a OnePlus device as the OnePlus Android OS (at the time of writing) does not support allowing Microsoft Authenticator…

  • Export Conditional Access Named Locations Using PowerShell

    Export Conditional Access Named Locations Using PowerShell

    The named locations can be used in Conditional Access rules as a way to block or allow countries by IP address to geo-lookup database. Whilst not always accurate, and can be bypassed by VPN or a virtual machine in an allowed location, they do have their uses as a basic block to where services can…

  • Testing Entra ID Claims and Single Sign-On Enterprise Apps

    Testing Entra ID Claims and Single Sign-On Enterprise Apps

    There is a class of Enterprise App in Entra ID (previously known as Azure Active Directory) that provides SSO (Single Sign-On) for apps outside of Microsoft 365 provided by other vendors. Some of these will be very commonly used apps and others not so. For these apps to sign you into their application with your…

  • Windows LAPS and Granting Roles to Administrative Units

    Windows LAPS and Granting Roles to Administrative Units

    This blog post discusses how to create both a custom admin role for reading the LAPS password and settings stored in Entra ID and then assigning that role so that only device administrators of an Entra ID Administrative Unit can see the local admin password for the subset of devices they are able to manage.…

  • Entra ID Multi-Factor Authentication/Conditional Access and External Federation Implementation

    Entra ID Multi-Factor Authentication/Conditional Access and External Federation Implementation

    I have a few clients (not many) who have external federation for Entra ID (previously Azure Active Directory) and over the last year or so have been looking into these and integrating them with Entra ID Conditional Access. This has become more of an issue recently with Microsoft’s recently creation of “Microsoft Managed” Conditional Access…

  • Inviting Google (Gmail) Users To Collaborate In Your Teams Channels

    Inviting Google (Gmail) Users To Collaborate In Your Teams Channels

    This post is not about inviting Google users to your meetings, where you just send them the meeting invite and all is good. This is about adding the Gmail user as a member of a Team, so they can see the Teams channels, chat and collaborate with files and apps along with everyone else in…

  • Is That Domain In Entra ID

    Is That Domain In Entra ID

    Occasionally it is useful to know if a domain name is registered with a tenant in Entra ID (previously known as Azure AD). There is a URL to lookup this information as to my knowledge there is not easy portal to query. The URL requires you to add an email address, though the actual user…

  • Introduction to Microsoft Graph PowerShell SDK

    Introduction to Microsoft Graph PowerShell SDK

    This short blog post is the 10 minute demo I presented at Microsoft Ignite 2023 in Seattle. It was not recorded, but this was the slide deck that went with it. Graph SDK Additional Content.pptx The full speaking text of the presentation might be added here once the jetlag goes away!

  • Bulk Token Retrieval Failed

    Bulk Token Retrieval Failed

    The Windows Configuration Designer (WCD) application (installed from the Microsoft Store) allows you to bulk convert standalone Windows 10+ clients to Azure AD Joined clients, and if you have Intune auto-enroll enabled then the client will enrol with Intune as well. But there are a number of issues with this application that result in errors…

  • Entra ID and Parental Consent

    Entra ID and Parental Consent

    For organizations that store the data of young adults and children, and in some legal regions, adults who cannot consent to their own legal affairs, you need to record the Age Group for the user, along with any Consent Provided in the case of Minors. There are three categories of Age Group in Entra ID…

  • Seamless Office 365 Message Encryption (OME) Never Works

    Seamless Office 365 Message Encryption (OME) Never Works

    Microsoft 365 Purview Message Encryption, previously known as OME (Office Message Encryption) and before that Microsoft Rights Management, allows you to share protected email with anyone on any device. Users can exchange protected messages with other Microsoft 365 organizations, as well as third-parties using Outlook.com, Gmail, and other email services. The feature is part of…

  • Message Classifications, Exchange Server, Exchange Online and Outlook

    Message Classifications are a way to tag email with a property that describes the purpose of the email, for example “Internal Use Only” might be a classification to tell the recipient of the email that the message should not be forwarded. Classifications are configured by administrators and appear shortly after creation in Outlook Web App,…