I created a Dynamic Distribution List in my Exchange Online (this should hold all my employees; I was planning to use it in my Power Automate), but 3 hours after creating it, it's still not showing up in my M365 Admin Center. Anyone know if it will even show up here and, if yes, how long does it take?
Below: Exchange Admin Center and the DDL I created
Below: Screenshot of my M365 Admin Center
No, it won't show up in the M365 admin center. It's also not possible to use the DDL's group ID in Power Automate to get a list of the members.
The best explanation I could find was from https://office365itpros.com/2020/11/23/exchange-online-dynamic-distribution-lists/
Short explanation:
"A DDL is composed of...An Exchange Online object which is not synchronized to Azure AD. A DDL only exists in EXODS."
"...because DDLs are not Azure AD objects, you can’t create or manage them through the Azure AD portal or the Microsoft 365 admin center."
Trying to publish a report in Power BI using a service account. These are the steps I did. I'm starting to learn this, so please correct me if I did anything wrong.
Created a Microsoft 365 account, as Power BI won't take a personal email to sign up.
Signed up for Power BI, activated Pro account.
Need to invoke a REST method, so I signed in to Azure using the same Microsoft 365 account. With this account, when I try to add a subscription, it's taking me to a page to select offers for the subscription.
I have another Azure subscription, but I'm not able to change the directory of the Azure account I created with Microsoft 365, as I need a subscription to do that.
So I thought fine, I will do a subscription for Microsoft 365, but it has payment information with the country defaulting to United States. It won't take my credit card info.
Is this the wrong way of doing this automation? How do I change the directory without a subscription, or do I not even have to do this part?
Thanks in advance for any suggestions.
If you want to solve the payment info defaulting to USA, you can change your geo location. Use this list to find your Geographical location identifier (Hex)
then use this command to change it
Set-WinHomeLocation -GeoId $hex
Now try inputting your CC info, and it should show your country instead of USA.
As you can see from my question above, I was wondering if it is possible to retrieve the assigned groups of an Azure Active Directory (AAD) based user via the Microsoft Graph API.
My situation is that I have an ASP.NET MVC project with Microsoft Azure enabled. My goal is that an Azure user can log in on my website with their Azure account.
The idea is that an Azure user is an admin or a user (depending on the Azure groups) and, depending on this role group, the user can view more or less of my webpage.
For example:
When Peter logs in with his azure account on my webpage, he should only be able to see:
Add new Document
Edit Document
Remove Document
because he is only assigned as "User" in Azure Active Directory.
But when Sabrina logs in with her azure account on my webpage, then she should be able to do the same as Peter, but she also can see:
Manage Products
Add new customer
etc.
because she has been assigned as an admin in Azure Active Directory.
My problem is that I did not find out how to retrieve the assigned group of a user with the Microsoft Graph API. The part about what the user can see or not after I get the roles is not a big deal.
I already tried this API call:
https://graph.microsoft.com/v1.0/me/
But it seems that the response of this call does not include the actual assigned group of that user.
Do you think it is possible to retrieve the assigned group of an Azure user? Is this even possible? Or do I have to do something else to retrieve this information?
I hope you understand my point and I am also looking forward to any response. Thanks in advance!
Add /memberOf to the URL to receive the groups a user is member of.
https://graph.microsoft.com/v1.0/me/memberOf
Here's a link to the specific graph api - https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups
Take a look at this sample application on Github. It does something very similar with a task tracker application, where different users are able to perform different actions based on the group they belong to -
https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims/blob/master/README.md
Also, in cases where a user is a member of too many groups, you get back an overage indicator and have to make a separate call to get all groups. Read about “hasgroups” and “groups:src1” claims here - https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-id-and-access-tokens
According to your system architecture, if some user has joined too many groups, the API https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups will return too many groups.
But if the groups with permissions in your system are not too many, you can use this API: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_checkmembergroups to check if the current user is a member of the specified groups.
It is not a good idea to use this API: https://graph.microsoft.com/v1.0/me/memberOf, because it returns only the groups that the user is a direct member of, but a security group can be a member of a security group.
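The answers above mention the "hasgroups" and "groups:src1" overage markers and recommend checkMemberGroups when only a few groups carry permissions. The following Python code is an added example, not part of the original posts and not the asker's ASP.NET code: it maps a signed-in user's groups to application roles, falls back to a batched checkMemberGroups request when the token signals overage, and grants nothing if that lookup fails. The group IDs, ROLE_BY_GROUP and the offline fake_graph stand-in are constructed assumptions; a real application would send each request body to POST /v1.0/me/checkMemberGroups.

```python
from typing import Callable, Dict, List, Set

# Hypothetical app configuration: group object IDs (constructed) -> application role.
ADMINS = "00000000-0000-4000-8000-0000000000a1"
USERS = "00000000-0000-4000-8000-0000000000b2"
ROLE_BY_GROUP = {ADMINS: "Admin", USERS: "User"}
MAX_IDS = 20  # checkMemberGroups accepts at most 20 group IDs per request

def groups_overage(claims: dict) -> bool:
    """True when the token omits the group list and refers the app to Graph."""
    if claims.get("hasgroups") in (True, "true"):  # marker in implicit-flow tokens
        return True
    return "groups" in (claims.get("_claim_names") or {})  # e.g. {"groups": "src1"}

def resolve_roles(claims: dict, graph_check: Callable[[dict], dict]) -> Set[str]:
    """Map a signed-in user's groups to roles; an empty set means no access."""
    wanted = sorted(ROLE_BY_GROUP)
    if not groups_overage(claims):
        matched = set(claims.get("groups") or [])
    else:
        matched = set()
        try:
            # One checkMemberGroups request per batch; Graph checks transitively.
            for i in range(0, len(wanted), MAX_IDS):
                reply = graph_check({"groupIds": wanted[i:i + MAX_IDS]})
                matched.update(reply["value"])
        except Exception:
            return set()  # fail closed if Graph cannot be reached
    return {ROLE_BY_GROUP[g] for g in matched if g in ROLE_BY_GROUP}

def fake_graph(direct: List[str], nested_in: Dict[str, List[str]]):
    """Offline stand-in for Graph: walks nested groups like a transitive check."""
    def call(body: dict) -> dict:
        seen, stack = set(), list(direct)
        while stack:
            g = stack.pop()
            if g not in seen:
                seen.add(g)
                stack.extend(nested_in.get(g, []))
        return {"value": [g for g in body["groupIds"] if g in seen]}
    return call

if __name__ == "__main__":
    team = "00000000-0000-4000-8000-0000000000c3"  # constructed: nested in ADMINS
    graph = fake_graph([team, USERS], {team: [ADMINS]})
    overage = {"_claim_names": {"groups": "src1"}}
    print(resolve_roles({"groups": [USERS]}, graph))  # groups carried in the token
    print(resolve_roles(overage, graph))              # resolved through the check
```

In the sample data the user reaches the Admin group only through a nested group, which is the case the last answer warns a direct-membership listing would miss.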
I have two Azure subscriptions, one personal, tied to my Microsoft ID, and another under a different Microsoft ID for a charitable organization where I am the one-man IT/web dev guy. I created the org's Azure account/subscription myself. I can't figure out how to create websites, etc. under my personal MS ID login without logging in and out of the separate Microsoft IDs to manage both sets of Azure resources.
Logging in with the org's MS ID, in the Azure portal I've made my personal ID a subscription admin (Subscriptions>Access Control>Add my personal MS ID, then right clicked to make co-administrator). This is confirmed since now a right click shows "Remove co-admin", so that implies it's correctly set up as a subscription co-admin. That user is also in the Owner Role.
Step 2, in the Active Directory for the org subscription, Users and Groups>All Users>New User, added my personal MS ID. Then I selected that user, clicked Directory Role on the left menu, selected the Global Administrator radio button and saved.
So now my personal MS ID user is a subscription co-admin and an AD Global admin in the org's Azure portal.
To check, if I then go to any resource group or App Service and look at Access control I see my personal MS ID user listed as an Owner for that resource and all other resources. So everything looks good.
So if I log out of the org ID and log in with my personal MS ID and go to the Azure portal, I see my usual personal Azure account resources. But I don't understand how to either see and manage those resources in the org's Azure subscription or how to switch subscriptions, or switch directories (it's not listed on the top right), and when creating a new resource, I have no option for the org's subscription to use. How do I see/manage those resources in the org's directory? Is this even possible? Or do I need to log out and log in with the org's MS ID, which is a major annoyance since it also logs me out of Outlook etc. when I switch IDs.
Azure Subscriptions are "housed" within a specific Azure Active Directory Tenant. You should treat an AAD Tenant as the top level object structure, in that each Tenant is entirely separated from each other Tenant.
If you had multiple subscriptions within a single tenant, you would be able to sign in one time, and gain access to all those subscriptions.
However, since these subscriptions look like they are in different Tenants, there is no way to avoid logging in two times to access the two subscriptions. To expand on this, there would be no way to avoid logging in two times to access any unique objects across these two Tenants.
For me, the answer was
Access Azure portal login page
Click "Sign in as a different user"
type the exact same email address
select "School or Work account" option.
This one was tied to the Azure AD and they reset my password through there. Not sure it really helps you, 'cos signing in and out all the time is still a thing, but it took me far too long to get this right so I thought I'd share.
I am creating a Leave Request form on PowerApps and I want to connect it with the Azure AD of my organization.
The scenario is:
1. User fills out the Leave Request form
2. The "Employee Name" and "Department" fields should be filled in automatically in the text box. I want to pull these identities from Azure AD.
How can I do this?
As far as I know, it is not possible to connect to Azure AD to get the data in PowerApps.
However, you can get the user information using the User().FullName function to get the current username. If you also want it to support retrieving the department of the current user, you may submit feedback from here.
There is a system called Microsoft Flows where you can interface between Azure AD and your PowerApps application. I've been using it and, despite the fact that it's new and a little buggy, it's a possible solution for your problem.
We are a start-up software company with around 15 developers. We are almost entirely using Microsoft's technology stack.
A problem that we have at this point is the confusion between signing into Microsoft's online services.
Each developer has two accounts: an Office 365 account and a Windows Live account. The Live account is created from the Office 365 account's email address. So, essentially, we have one email address but two accounts (and thus two passwords).
When logging into an online service, we are often greeted with the following:
For many, this becomes a hit and miss with their various passwords until access is granted. From what I understand:
Work or school account: An Office 365 account OR an account set up in Active Directory?
Microsoft account: A Windows Live account?
Next, can Azure Active Directory help us in any way here?
Are we able to somehow unify our accounts so to have a "single sign-in" for Microsoft's online services?
EDIT:
Further comments on Dushyant Gill's answer below.
If we don't need to register our Office365 accounts as Live accounts, then how would I typically add a user to the Azure Active Directory?
When creating a new user, I only have three options:
I guess the last option would be the correct approach if we wanted to move away from Live accounts. I want to add a user to my Azure AD from my Office365 AD?
When I try to do this, I get the following error:
Do I have to link the directories somehow?
davenewza, yes you can take action to improve the experience here (it won't be simple - but given the number of users in your company - it shouldn't be that difficult)
First, your company already has an Azure Active Directory - it is the directory behind your Office 365 subscription. Azure AD authenticates your company's users when they sign in to Office 365 services.
Second, you should use your Azure AD accounts (work or school account) to sign up for and access other Microsoft services that are meant for businesses: Microsoft Azure, Visual Studio Online, Microsoft Dynamics etc. The disambiguation screen that you see (pasted in your question) only shows up when you're signing in to a service that supports both Azure AD as well as Live accounts. So, move your Azure and other business services subscriptions to use Azure AD accounts and as a rule of thumb - your company's users will always select the 'work or school account' option (if ever they see that screen).
Finally, let's get rid of that screen altogether: do you really need the Live accounts to run your business? (what Microsoft services are you using that need Live accounts?) If none, great - once you've moved your subscriptions to Azure AD accounts - get rid of the Live accounts. If you indeed need them - change their emails (add an _live suffix to them) - you already have two passwords as it is - different user names will reduce confusion.
Note that the second step will require you to call Microsoft support (or file online tickets) to move subscriptions for some services - however the risk of downtime is low because you already have Azure AD accounts - you might need to reconfigure permissions once the subscriptions are migrated.
I am with the Azure AD team - get in touch with me if you're stuck - contact me on http://www.dushyantgill.com
Best of luck.
ps: we are working to improve this experience - such that folks like you don't end up in this position in the first place. Stay tuned.