I have created an AD B2C account for testing purposes. I have created a couple of them to test and demo it to some of my stakeholders. Now I am trying to delete it.
When I try to delete the AD account, it says "there are application available that needs to deleted". There was only one application, but when I tried to delete it I get the below message.
Where should I go to delete the application? I tried manage.portal also, but the delete button is not enabled.
You need to first remove the application in the B2C application and then try to delete the B2C AD. If you have not done it this way (something gets corrupted), you might have to create a support ticket with MSFT.
Additional checks
You can also check apps in apps.dev.microsoft.com if you have created one with your B2C user account. Then that message will show in the Azure B2C application settings. You need to go to apps.dev.microsoft.com and delete that app; you will find that the application disappears from the Azure AD B2C application list after a few seconds.
Related
With Multi-Factor Authentication enabled, the Azure portal requires users to approve every login in the users’ Authenticator app.
When I changed my phone, the Authenticator app had to be migrated to my new phone. I used the Back and Recover function of the Authenticator app. I backed up and recovered account details to the new phone. For work or school accounts, the migration process requires Additional Security Verification, which requires rescanning all QR codes of all accounts in the Authenticator app. I have rescanned all QR codes of the work or school accounts that I created.
Now my issue with this migration is the Azure AD B2C account. It was created by Azure when I created the Azure AD B2C directory. The name of the account in the Authenticator app is admin_mydomain.com#EXT#@mydomain.onmicrosoft.com. It is not a work or school account. From the name, it may relate to my Azure login account (admin@mydomain.com, a work or school account). I have spent many hours on it. But I still don’t know where this special account's details are stored. So I can’t get the QR code of the account for the Authenticator app. I can’t finish my Authenticator app migration.
This account authentication is required when I switch from Azure primary directory to Azure AD B2C directory in Azure portal.
Please help me with this issue. Thanks.
[UPDATE] I just realized that what worked for me is the solution Alfredo R already posted! So I can confirm that this works.
While I'm still struggling to revalidate my [username]@[custom-domain].onmicrosoft.com account, I think I found a solution for the AAD B2C problem:
Login to https://myaccount.microsoft.com/
Main menu "Securityinformation" will show you registered devices for your current organization
Main menu "Organizations": You should at least see the other organization of the B2C tenant
In the top right menu, click your avatar, and switch organizations, and switch to the B2C tenant
The UI should be the same, but now you're logged in through the B2C tenant
Go back to "Securityinformation" and add your new device
I was lucky that my old device is still working, so I could easily switch organizations. If you can't switch because of MFA and no access to your old device, I think you still need to disable MFA in the B2C tenant as described in the other solution and then turn it back on?
But I think that's the way to get the QR code for a B2C tenant: log in to your account and switch to the B2C tenant by switching organizations.
admin_mydomain.com#EXT#@mydomain.onmicrosoft.com is the UPN (user principal name) for the user hosted in the Azure B2C tenant for your work account admin@mydomain.com. Scan QR as with others but switching first to the B2C tenant.
There are a few steps needed to fix this issue.
You need a global admin account of the Azure AD B2C active directory. But you can’t use the one that you are going to migrate. Please create one if there is no other global admin account available.
Go to Azure Active Directory of Azure AD B2C directory. Please click on the Properties in the left main menu. Then go to the bottom of the Properties page. Click on the link: Manage security defaults. Disable security defaults and save on the popup window.
Run local PowerShell as local admin. Run following cmdlet to connect to Azure AD B2C active directory.
PS C:\WINDOWS\system32> Connect-MsolService
MFA login will ask for user name and password. Please use the credentials of the global admin account mentioned above. If no error appears, run the following cmdlet:
PS C:\WINDOWS\system32> Set-MsolUser -UserPrincipalName 'admin_mydomain.com#EXT#@mydomain.onmicrosoft.com' -StrongAuthenticationMethods @()
Go back to Azure Active Directory of Azure AD B2C tenant > Properties of the left main menu > the bottom of the Properties page > click the link: Manage security defaults. Enable security defaults and save.
Log in to the Azure portal with admin@mydomain.com, then switch to the Azure AD B2C directory. You will see a popup security setting wizard. That is the same wizard as when we first set up the directory. Please follow the wizard. You will see the QR code for admin_mydomain.com#EXT#@mydomain.onmicrosoft.com. You can scan the QR code to finish the MS Authenticator migration.
In Azure portal under Azure AD B2C -> Users, there are two users listed both of which I added while running some of the AD examples. I want to delete both users however the delete button is disabled. How to enable the button and delete the users please?
Edit: I want to remove the user from my tenant directory and any apps they are associated with. If the user is associated with other tenants I don't want to touch that configuration.
Under roles and administrators I am shown as "Global administrator".
This is a paid Azure subscription.
Is it possible you are logged in with the user that is selected in your screenshot? Because this is the only way I am able to reproduce the button being disabled.
Even if you are looking at a B2C directory, you will also have the "normal AAD" users in this list, which are used to manage the directory. This way it could look like you have a user which signed up using a B2C user journey, when in fact it was not.
I have an Azure AD B2C tenant that I want to delete (pita process!).
So I have to delete manually all registered applications first.
And somehow I got an enterprise application named "Azure DevOps" registered there.
Which is undeletable. How to remove it?
I have found that there is no need to delete this application in order to delete the B2C tenant. Go to the properties of this application, then set "Enable users to sign-in" to "No". Then it will be possible to delete the B2C tenant.
If you are trying to delete the Azure AD B2C tenant, I guess you have deleted all the users and admins.
Anyway, you need an admin account (if you don't have one, just create it) to log in to Azure AD in PowerShell and use Remove-AzureADServicePrincipal -ObjectId to delete this enterprise app.
See details here.
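Both answers above (switching sign-in off on the enterprise application, or removing it with Remove-AzureADServicePrincipal) need the service principal's ObjectId, which neither shows how to look up. The following is an added example, not part of either answer, using the AzureAD PowerShell module; the tenant name is a placeholder, and treating the portal's sign-in toggle as the AccountEnabled property is an assumption.

```powershell
# Added example (not from the original answers). Requires the AzureAD module.
# Assumptions: $TenantId is a placeholder for your B2C tenant;
# 'Azure DevOps' is the display name quoted in the question.
$TenantId    = 'yourb2ctenant.onmicrosoft.com'
$DisplayName = 'Azure DevOps'

# Sign in with a global admin account that lives in the B2C tenant.
Connect-AzureAD -TenantId $TenantId | Out-Null

# Enterprise applications are service principals. Filter on the exact
# display name so a similarly named principal is never touched.
$found = @(Get-AzureADServicePrincipal -All $true |
    Where-Object { $_.DisplayName -eq $DisplayName })

if ($found.Count -ne 1) {
    throw "Expected exactly one '$DisplayName' service principal, found $($found.Count)."
}
$sp = $found[0]

# Record what is about to change before changing it.
$sp | Format-List DisplayName, ObjectId, AppId, AccountEnabled

# Option 1 (first answer): turn sign-in off and leave the object in place.
# Assumption: this is the property behind the portal's sign-in toggle.
Set-AzureADServicePrincipal -ObjectId $sp.ObjectId -AccountEnabled $false

# Option 2 (second answer): remove the enterprise application outright.
# Remove-AzureADServicePrincipal -ObjectId $sp.ObjectId

# Confirm the result of option 1 before retrying the tenant deletion.
Get-AzureADServicePrincipal -ObjectId $sp.ObjectId |
    Select-Object DisplayName, AccountEnabled
```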
A few days ago, before implementing user management with the Azure Active Directory Graph API (not Microsoft Graph) in our web app for Azure AD B2C users, I was able to log into the Azure Portal, find the Azure Active Directory B2C resource, click on it, and successfully authenticate into it in order to edit policies, view the list of users, etc.
(Clicking the tenant in the screenshot used to work!)
Now when I click on it, the screen flashes about 10 times, attempting to log my user into the tenant. But afterward, the following error is returned:
Furthermore, when I attempt to log into the web app with that same user, I get the following error message:
ERROR: Your account has been locked. Contact your support person to unlock it, then try again.
How do I unlock the account if I can't even get into the Azure AD B2C tenant? Did I corrupt the tenant by using the AAD Graph Client?
UPDATE
I'm adding more information about how I'm using the Azure AD Graph Client, in case it is important to diagnose why neither I nor any other admin on my team can log into the AAD B2C tenant.
I think the most relevant piece of how I'm using the Azure AD Graph Client is the following to update a user's "Organization" extension/custom attribute:
The x's represent the AAD B2C generated identifier associated with the extension and the y's represent a user GUID.
HTTP PATCH to https://graph.windows.net/genlogin.onmicrosoft.com/users/yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy?api-version=1.6
Body: {
"extension_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_Organization":"Microsoft"
}
Is this incorrect use of the graph client? How do I get the AAD B2C tenant back to a state where I can log into it?
UPDATE
Furthermore, I also found the following link which talks about existing issues in AAD B2C management: https://blogs.msdn.microsoft.com/azureadb2c/2016/09/09/known-issue-b2c-app-mgmt/
Does this link apply at all? (My guess is no because it is the tenant itself that seems to be in a weird state, not the application associated with the tenant)
Because the screen flashes about 10 times, it seems that you tried to log in to Azure too many times within a short time. The Azure login server has its own policy to prevent this kind of uncommon login event.
Try to use another admin account to log in to the B2C tenant and reset your account password. If you don't have one, call other admins to help you.
Otherwise, you need to wait and try to log in later.
Additionally, your client browser may have come across some issue which causes this event. You'd better check your working environment.
I've been following this guide to get a B2C AD up and running:
Create the B2C directory in the old portal (http://manage.windowsazure.com) ensuring "This is a B2C Directory" is checked.
Register an application in the new portal (http://portal.azure.com) under the B2C blade
Create the sign in policy.
When I try and test the sign in policy with the "Run now" and try and log in with my local account (the same one which has created the B2C AD -- the global administrator for this new AD) all I am met with is "We don't recognize this user ID or password".
What have I missed here?
I am able to reproduce this issue too. If you want to manage the users for the Azure B2C tenant, you can log in to the classic Azure Portal from here. However, currently there are a couple of known issues with user management (the Users tab) on the Azure classic portal:
Refer here about the Azure Active Directory B2C: Limitations and restrictions.
And if you want Azure AD to enable login with the default global admin account, you can submit feedback from here.