Microsoft equivalent of reCAPTCHA - security

What is Microsoft equivalent of Google reCAPTCHA? This is for spam prevention during the sign up process.

Related

Is it possible to redirect authenticated Azure AD users (by ROPC) to Microsoft Teams?

I have been working on the development of a portal for a long time and one of the important modules of this portal is that it can login to 3rd party systems without asking username/password. It can be called a simple SSO.
At this point, I am trying to do this for Microsoft Teams :) I have user management authority in Azure AD, so I developed it with the ROPC user flow. I successfully get a token, but I could not find any document on how to redirect the user to the Microsoft Teams page. Is it possible to do this or not?
Thank you in advance for your help.
ROPC only supports a sign-in flow. When the ROPC flow is used with other flows (Microsoft Teams), there won't be single sign-on; you will just be using the token endpoint. We would recommend you use other flows if there are any specific requirements with Teams, use Microsoft Graph API. With respect to native app SSO, using ROPC will not exhibit SSO across apps. Native app SSO using MSAL or any library that can allow cookie sharing across apps will support SSO.
Microsoft recommends you do not use the ROPC flow. In most scenarios,
more secure alternatives are available and recommended. This flow
requires a very high degree of trust in the application, and carries
risks which are not present in other flows. You should only use this
flow when other more secure flows can't be used.
ROPC involves user credentials, while client creds are application credentials. More damage can be done if a user identity gets stolen. If an app identity gets stolen, you can't easily exploit it the same way as a user.
Please refer to this doc if you are looking to develop SSO for a Microsoft Teams tab.
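The difference described in the answer above, as an added example that is not part of the original thread: it builds (but does not send) the ROPC token request next to an authorization code + PKCE redirect on the Microsoft identity platform v2.0 endpoints, and reports which one makes the portal handle the user's password. The tenant, client ID, redirect URI and account values are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
TENANT = "contoso.onmicrosoft.com"                     # placeholder tenant
CLIENT_ID = "00000000-0000-0000-0000-000000000000"     # placeholder app ID
REDIRECT_URI = "https://portal.example/auth/callback"  # placeholder
SCOPE = "openid profile offline_access"


def ropc_token_request(username, password):
    """ROPC: the app itself POSTs the user's password to the token endpoint.
    No browser visits the identity provider, so no SSO session is created."""
    url = f"{AUTHORITY}/{TENANT}/oauth2/v2.0/token"
    body = {"grant_type": "password", "client_id": CLIENT_ID, "scope": SCOPE,
            "username": username, "password": password}
    return url, body


def pkce_pair():
    """RFC 7636 code_verifier and its S256 code_challenge."""
    verifier = secrets.token_urlsafe(64)  # 86 characters, within the 43..128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def auth_code_redirect():
    """Authorization code + PKCE: the browser is sent to the identity provider,
    which collects credentials (and MFA) and keeps the session cookie for SSO."""
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(16)  # checked on the callback to stop CSRF
    query = {"client_id": CLIENT_ID, "response_type": "code",
             "redirect_uri": REDIRECT_URI, "scope": SCOPE, "state": state,
             "code_challenge": challenge, "code_challenge_method": "S256"}
    url = f"{AUTHORITY}/{TENANT}/oauth2/v2.0/authorize?" + urlencode(query)
    return url, verifier, state


def credential_fields(params):
    """Names of parameters that carry a secret the application has to hold."""
    return sorted(k for k in params if k in {"username", "password", "client_secret"})


if __name__ == "__main__":
    _, body = ropc_token_request("alice@contoso.onmicrosoft.com", "constructed-password")
    print("ROPC request carries:", credential_fields(body))
    url, _, _ = auth_code_redirect()
    print("Auth code redirect:", url)
```
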

Microsoft Graph API vs. IMAP/POP3 - which is better for reading mails?

I want to read mails of users of a specific domain (tenant) using Outlook API. However, I don't have privileges to register a new app in Azure portal for that domain, and so am not able to use Graph API. We cannot use Outlook API without an OAuth app. In this case, is using IMAP/POP3 my only choice? How secure is it to use IMAP/POP3 to read mails when compared to Azure AD Graph API? Please advise.
It depends on what you really want to achieve.
If you just want to read the messages, configuring your mailbox in Outlook or other email provider with IMAP/POP3 is a preference. You don't need to worry about its security, it has been in service for decades.
For Microsoft Graph API, to call Microsoft Graph, your app must acquire an access token from the Microsoft identity platform. See Authentication and authorization basics for Microsoft Graph to learn more details about it.
So the point is how you want to read your email.
If you are developing your own app, using Microsoft Graph API is certainly the best choice. You can test GET https://graph.microsoft.com/v1.0/me/messages to list your emails in Microsoft Graph Explorer without registering an app in Azure AD.

Authenticating against the Yammer JS SDK using ADAL in SharePoint Online

After scouring the internet, I've found a variety of answers to this question, but nothing is clear. With an Azure AD app, it looks like Yammer Delegate permissions are included, so I would imagine that I could use the ADAL token from the app to interact with Yammer APIs, but have been running into issues. Has anyone else got this working? Is there any way to silently authenticate with Yammer in SharePoint Online?
The Yammer Delegate permissions are a preview feature. Long-term we plan to integrate fully with the O365 developer experience, but aren't quite there yet. Today, Yammer supports a number of scenarios that don't align with O365. Once the product better aligns it's going to be possible to provide much deeper integration (not just limited to developer APIs.) One limitation of the delegate permission is that it won't work with networks that are using Yammer Identity. Another is that some endpoints might not accept the tokens.
The supported authentication flows for Yammer are documented on the developer site and these support users with all authentication types for Yammer. With these APIs you'll end up juggling an additional Yammer-only token. It is possible to use impersonation to silently authenticate users without them being prompted to authorize the Yammer app. There is a blog post providing an overview of how this can be used in combination with the Yammer JS SDK, but the tokens could be used from other clients.

Our app using Azure to authenticate Office 365 users is not supporting 2-step authentication

We have a multi-tenant Windows Azure app. We use it to authenticate Office 365 users, and grant us access to the user's calendars.
We had a support question today saying:
I then click the office 365 button, am taken to
the Microsoft Office 365 login screen where it
tells me I’m already logged in with my office 365
account. I click “remain signed in with this
account”, put in my password again, then am just
shown a blank screen (and microsoft sends me a text
with my two-factor authentication code, but nowhere
to input it).
We did not test any 2-factor authentication users when testing our new office 365 login. But it seems to me like there is an issue on Microsoft's side in this scenario.
Is there something special we need to do on our end (a setting in our Azure app, maybe?) to support 2-factor authentication for our users?

How to get OpenID authentication on SharePoint Services?

Is this even possible? I want to build a small community site but do not want to use Live ID.
SharePoint has an extensible authentication provider model, so you could use that to extend it to support OpenID.
See the OpenID membership provider project on CodePlex. This provides OpenID support for SharePoint.
If you're just looking for a Windows-based community site framework, I'd suggest Community Server, which has a free license and built-in OpenID support.
http://communityserver.com/products/express/
Many people have already done this using DotNetOpenId with SharePoint.
There are some discussions on the dotnetopenid mailing list that cover this topic. Feel free to post your question there to get the responses of a few people there who have done it.
There exist two solutions that exactly meet your requirements:
SharePoint Claims Provider for SharePoint Claims Based Authentication that uses Windows Live ID and other OpenID providers such as Google and Yahoo.
It will allow you and your members to sign in to your SharePoint site with any OpenID provider or Windows Live ID.
Check SharePoint Live Authentication here: http://www.shetabtech.com/english/SharePointLiveAuth
