AzureAD Apps & Service Principals Within Azure AD you have App Registrations. You can do a lot with App Registrations. I mainly use it for automating tasks. Application or Delegated Permissions? A big disadvantage is that you cannot always choose Application Permissions with API Permissions. Here you can only choose Delegated Permissions. For example, the … Continue reading Delegated permissions with a Client Secret by adding roles to a Service principal
Which property comes closest to the LastLogin property? LastLogin is an attribute known from Active Directory, but this property is not present in AzureAD. Property RefreshTokensValidFromDateTime is closest to the LastLogin property. This property determines how long the token is valid for the last Login and when the local token must renew. Unfortunately this is … Continue reading Get AzureAD Users LastLogin for stale accounts PowerShell
Why would we put groups in groups? Groups in groups is used by enterprise companies that have main groups for, for example, Group based Licensing in AzureAD. And there are many more examples to mention.The disadvantage of groups in groups is that at a certain point you no longer know whether someone is in the … Continue reading How to get AzureAD Group Members nested groups in PowerShell
Message: One or more added object references already exist for the following modified properties: ‘members’. This is very specific, but I received the error message below after I tried to add users to an AzureAD group, after I first emptied the group. Do you recognize this?Then this blog post will help you. Let’s “Fix” this … Continue reading FIX: Get-AzureADGroupMember: Error occurred while executing AddGroupMember
“Baseline policy: Require MFA for admins (Preview)” the basics. There is a new Policy in Azure AD “Require MFA for admins (Preview)”. It is a policy in preview status that is enabled by Microsoft unless you set it yourself on turn off. The Policy is not yet active. It will not be long before Microsoft enables … Continue reading New Conditional Access Policy “Require MFA for admins (Preview)” will be enabled in the future.