Connecting Azure AD mobilePhone attribute to SharePoint Online/Delve - sharepoint

I am running into an issue with having the user data for the mobilePhone attribute update and show up for our users' contact cards which run on the SPO/Delve platform. Does anyone know of a way to have the data sync?

To update Azure AD mobile phone attribute to SharePoint online, try making use of below steps:
Make sure to have the below modules installed before running the
PowerShell script
Azure Active Directory (AD) Module
SharePoint Online Module
MS Online Services Sign-in Assistant
Office365 CSOM package
The user must be a global admin on the SharePoint User Profile Application as well as a Service Admin on the Azure tenant.
To connect to PowerShell, make sure the user account must not be configured to MFA.
To get all users, make use of below query,
$AzureADUsers = Get-MSolUser -All
To overwrite existing values, make use of below query,
$overwriteExistingSPOUPAValue = "True"
To know how to do it in detail, please find below reference by Raymond Tishenko
Sync Mobile Phone from Azure Active Directory to SharePoint Online using PowerShell (tishenko.com).
After executing the script, you can see that values are successfully copied from Azure Active Directory to SharePoint.

Related

MS Graph can't query for SharePoint data

I'm trying to query 365 SharePoint list data from MS Graph.
I've setup the app via portal.azure.com and I gave it application permissions to everything that is required for User, Mail, Sites and Groups. I gave it permissions on the MS Graph and SharePoint sections within the permissions.
I can query for Users and their calendar information but when it comes to Sites I get the following.
Image of Api response
We have the Azure AD Premium P1 subscription for Education.
I tried using the same tenant ID, Client ID and secret in Postman and I get similar results.
I tried to query for the same data via myself logged into Graph Explorer and I get the data I'm expecting.
How can I query for the data from SharePoint via the app credentials for all sites and all data in my tenant
Thank you.
Users may be unable to access multiple Microsoft 365 services, any service that leverages Azure Active Directory (AAD) may be affected. Microsoft is working on this issue actively.
Microsoft 365 Service health status

Do I need to configure azureAD for powerapps?

I am new to powerapps, and I need to create an app with AzureAD authentication. But I am confused by this authentication. Do I understand correctly that I don't have to implement user sign-up and login screens, because every user which will be added to AzureAD would be able to login to microsoft account and will have an access to my powerapp?
So, I don't have to write any code for user signup/login/forgot password?
But in the Internet I saw that some people use AzureAD.getUser() and Office365.User. When do I need it?
PowerApps is building enterprise apps for your organization staffs. This app has to be developed, published and shared to AD users, and users can sign-in using Active directory single sign-on.
You can invite/share with AD individuals, security group or O365 group. But not Distribution groups. You can share the app to all users by sharing with “Everyone”.
Even PowerApps can be shared with external users (guests) but they must be guest users of an Azure Active Directory tenant.
How to share a PowerApp?
Yes, no signup or login other than Microsoft AD login/challenge screen.
Those snippets will be used to get current logged in user details.
Everything #ArunVinoth said and to add a little more info about:
But in the Internet I saw that some people use AzureAD.getUser() and Office365.User. When do I need it?:
These are PowerApps connectors (API wrappers) that allow you to surface AD/O365 data within the app for your users.
Example:
You may have a way for users to lookup contact information for people within the org.
You would add the Office365Users connector to your application
Then execute the .SearchUser method from that connector to display contact info based on user input.
These connectors are not for authenticating to the app, but rather providing lookup capabilities for your users. Or automating these lookups for your app logic.

Grant Permission to external user in azure active directory to access sharepoint site

I have developed a logic app, which receives a post request with JSON Object and I create external user in azure active directory. Till here everything is fine. Now I want to grant permission to newly created user to access our sharepoint site. There is a solution using Plumsail action connector but I do not want to use it. I want to achieve this using microsoft graph api.
Can you help me to achieve this?
Best way I think is adding the user to a group (with the AD connector) or using dynamic group to pick up the user. Then you can have sharepoint license connected to the group and have sharepoint access on the group.

Control Access to Microsoft Azure Account

Our company has a Microsoft Azure account (Pay-As-You-Go).
We had a programmer that developed our web app. We gave him full access to our Azure account. So, he had access to everything.
We intend to hire another developer to make modifications to the web app, so he'll need access to the App Services and SQL Databases. Our intention is to just allow him access to those features.
We did our research and came across the documentation, Resources, roles, and access control in Application Insights. We followed it step by step, but there's an issue. Doc LINK
We tested the procedure by adding one of our IT staff's Microsoft account (personal Outlook.com account) and assigning him the Contributor role, and sent him an invite. He's not seeing the invite. We did the same for another staff, but it's the same problem.
Can we get some assistance please?
It was not working earlier .I tried with one gmail id. Now it is working perfectly fine and I am able to receive the invitation email.
To send invitation, you need to go to active directory. Add user's email as a guest under add user option (Add guest user).

Working with external developers on Azure project - how?

I am new to Azure. I am getting myself confused very fast. My company has a project on Azure. We are looking to grant access to our external developers so they can log into our account and build a product for us ( setup a VM with mysql dbs and build an application ).
The only options I see are to invite users from another Active Directory or users who are in my own Active Directory? Is there no option to simply create a sign in credential for a user with say " email at gmail dot com" ?
What am I missing? I have created a Resource group but still can't invite anyone of our external consultants in there.
You can invite any user to manage your resources or your subscription.
There are 3 conditions for it:
You have the right to add it to your Azure AD
you are the owner of the subscription
The 'Guest user' already has an Azure account or a Microsoft Account
Then you have to go to:
Resources/Subscriptions
Access Control
Select a role (i.e. Contributor)
Type in the Account/Email of your external team member
check the checkbox and send the invitation
If you want to create generic users you can go straight forward to your AD and create a user i.e. developer1#contoso.onmicrosoft.com and add this user to the resource/subscription. Don't forget to take note of the credentials you created
So you would use Azure RBAC for that. Just click on the Resource Group > Access Control > Add.
You could also consult this blogpost for best practises.
If you just need them to develop and access SQL or a web App, you can pass the publish profile and SQL connection string to them.
Also, you can setup continous integration for the web App or virtual machine and pass git or GitHub or whatever source control you are using and pass the URL for the project, then they will commit the source code and fire a new build

Resources