Using the azure portal and the azure active directory I am sending out invitations to Guest Users. 90% of the time this works great - however there are some users where they cannot get logged in for the first time.
What sort of things should be analyzed?
Does their local AD (or possibly lack of) have anything to do with it?
Does their organization allowing users to receive mail with multiple email addresses have anything to do with it?
This has been a tough problem to solve as these are external users and it can be quite difficult to extract good information from them when attempting to diagnose the problem. Any help would be greatly appreciated.
Related
We have a Google Workspace account for our company using it mainly for Google Drive.
We want to switch our email system to Google aswell but I couldnāt find a proper howto or explanation how to create info# or support# emails that are going to chosen members of our company.
How we can solve this? Groups? Aliases?
Would be good if all mails going to a certain mail, could be saved and stored aswell in an inbox.
Thank you
It seems that you're looking for a Google Workspace Group. Each Group has an email address which can be turned into a collaborative mailbox. Members of the group have access to this mailbox which can be tailored in many ways.
Detailed steps for creation are available here.
I'll try to be as brief and comprehensive as I can.
Objective: To be able to upload PDF files generated after filling an HTML form to my personal OneDrive.
I have been looking into this for a few days now and cannot for the life of me figure out the proper way to set up the app and permissions in the Azure portal for this to work. I was initially using the Personal Microsoft accounts only option but quickly realized that would mean having to sign in. Then I tried the Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) option. So this seemed to be a step in the right direction as the end-user does not need to do anything. I could use Application Permissions which would work without a signed-in user. That is basically what I want.
This lead to another issue, Tenant does not have a SPO license. After looking up more, it seems that to use the OneDrive APIs, you need to have a subscription. Like I mentioned, I am using a personal account (free).
I also tried daemon (since I can use application permissions and work without a user signed in). But based on the Microsoft Graph Get Files Permissions, Only Delegated permission is supported for personal Microsoft account.
I am trying to achieve this through PHP and using the libraries that are recommended everywhere. I honestly think that I am finding this much more complicated than it really is but I really can't figure out where I'm going wrong.
In conclusions, I can't answer these questions:
Can a personal free account (with student subscription or not) be used to access OneDrive?
If so, what supported account type is ideal for this?
And finally, is there anywhere I can follow to do this?
P.S. I have tried a lot more things I mentioned here, so in case anyone thinks of something I should have done, ask me and I'll update you.
You have tried many and got many correct conclusions.
To make a personal account access the personal OneDrive, you have to use delegated permission. Application permission is not supported in this scene.
I know your requirement is not to sign in interactively. Unfortunately it's not supported to use ROPC flow for personal accounts.
So the only option is to use auth code flow or implicit grant flow. Both of them require you to sign in interactively.
In summary, uploading files to personal OneDrive using non-interactive login is not supported.
Our company has a Microsoft Azure account (Pay-As-You-Go).
We had a programmer that developed our web app. We gave him full access to our Azure account. So, he had access to everything.
We intend to hire another developer to make modifications to the web app, so he'll need access to the App Services and SQL Databases. Our intention is to just allow him access to those features.
We did our research and came across the documentation, Resources, roles, and access control in Application Insights. We followed it step by step, but there's an issue. Doc LINK
We tested the procedure by adding one of our IT staff's Microsoft account (personal Outlook.com account) and assigning him the Contributor role, and sent him an invite. He's not seeing the invite. We did the same for another staff, but it's the same problem.
Can we get some assistance please?
It was not working earlier .I tried with one gmail id. Now it is working perfectly fine and I am able to receive the invitation email.
To send invitation, you need to go to active directory. Add user's email as a guest under add user option (Add guest user).
From web search it appears that to be able to manage Windows Azure services, you need an account with one of the admin roles (service administrator, co-administrator etc).
From project management point-of-view, what is a good strategy to manage accounts for your company if you have several developers working on Azure?
Examples
A simple strategy could be to have a few designated administrators (e.g. team leaders) who upload the code while other developers use Azure Emulator on their machines.
Another example would be to have a shared Azure account used by many developers (not sure about licence implications for this one!).
These are just off the top of my head and have their drawbacks. What strategies do you use?
2 Places I've worked we've done the following.
Single Common A/C
Create a common email-distribution group (myteamonazure#mycompany.com)
Register this mail address as an MSN Passport
Use it to sign up with Azure.
Pro's: Everyone on the team gets mails regarding the account.
Con's: If someone leaves the team, we need to change the account password.
Individual accounts
Let each person signup with their own account. (Mandate it must be their company email... not personal msdn passport)
Make one person the super-admin, and the rest co-admins
Pro's: If someone leaves, it's far easier to just revoke their credentials/privs
Con's: Lots more accounts to keep track of depending on the size of your team, particularly if you're company has a single Azure Account, with lots of different apps/projects hosted on it.
Personally, I prefer the second option as it's more secure/easier to revoke access to individuals.
We recently switched our team to Google Apps and with that, everyone got a Google Apps account . However, for those of us with a GMail account as well, this makes it so that bringing up Gmail in your browser opens up either your personal account or your Google apps account.
Even though GMail has multiple Sign-ins enabled for both of my accounts, I still have to spend time switching through both accounts.
I was wondering if there was a way to specify the account I wanted to use in the URL directly, which would allow me to create a bookmark for GMail for both of these accounts:
something like:
http://mail.google.com?a=firstaccount#gmail.com
http://mail.google.com?a=workaccount#googleappsdomain.com
I just don't believe anyone at Google has never thought of this! :-)
The same question applies to all of Google's services too I guess (docs, sites, etc...)
https://mail.google.com/a/googleappsdomain.com/
This works like a charm, with one exception: regular gmail.com accounts. https://mail.google.com/mail/ will direct you to the inbox for whichever account you logged in as first. My work around has been to make sure I log into my personal e-mail first (but this at least avoids having to log into the rest in a specific order).
For an access to multiple gmail adresse you can use this :
https://accounts.google.com/ServiceLoginAuth?continue=http://mail.google.com/gmail&service=mail&Email=yourname#gmail.com