by XDK
25. October 2019 16:02
Exception:
PS C:\WINDOWS\system32> Get-AzManagementGroup -GroupName XDK_Organisation_Root
Get-AzManagementGroup : The client 'live.com#XXXXXX@XXXXXX.com' with object id '51bf3892'
does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope
'/providers/Microsoft.Management/managementGroups/XDK_Organisation_Root' or the scope is invalid. If access was recently
granted, please refresh your credentials.
At line:1 char:1
+ Get-AzManagementGroup -GroupName XDK_Organisation_Root
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzManagementGroup], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.ManagementGroups.GetAzureRmManagementGroup
Solution:
The Global Administrator account in Azure AD might not have access to all subscriptions and management groups in the directory. The solution is to elevate the global administrator account in Azure AD to access all subscriptions and management groups.
Azure portal --> Home --> Azure Active Directory --> Properties --> Select "Yes" --> Save.
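Elevating through this portal setting gives the account the User Access Administrator role at the root scope ("/"), so it is worth auditing who holds that assignment and removing it once the management group work is done. The PowerShell below is an added example, not part of the original post; the function names are hypothetical, and it assumes the Az.Accounts and Az.Resources modules with a signed-in session.

```powershell
# Added example, not from the original post. Assumes the Az.Accounts and
# Az.Resources modules and an authenticated session (Connect-AzAccount).
# Function names are hypothetical.

function Get-RootScopeElevation {
    # Elevated access appears as a "User Access Administrator"
    # role assignment at the root scope "/".
    Get-AzRoleAssignment |
        Where-Object {
            $_.Scope -eq '/' -and
            $_.RoleDefinitionName -eq 'User Access Administrator'
        } |
        Select-Object DisplayName, SignInName, ObjectId, ObjectType, Scope
}

function Remove-RootScopeElevation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$ObjectId   # ObjectId of the principal to de-elevate
    )
    if ($PSCmdlet.ShouldProcess($ObjectId, 'Remove User Access Administrator at "/"')) {
        Remove-AzRoleAssignment -ObjectId $ObjectId `
            -RoleDefinitionName 'User Access Administrator' -Scope '/'
    }
}

# 1. Audit: list every principal that currently holds elevated access.
$elevated = @(Get-RootScopeElevation)
$elevated | Format-Table -AutoSize

# 2. Confirm the command from the exception above now succeeds.
Get-AzManagementGroup -GroupName 'XDK_Organisation_Root'

# 3. Preview the clean-up. Drop -WhatIf to actually remove the assignment
#    once the elevated access is no longer needed.
foreach ($entry in $elevated) {
    Remove-RootScopeElevation -ObjectId $entry.ObjectId -WhatIf
}
```

After the assignment is removed, the account needs an explicit role on the management group itself if it still has to read it.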
by XDK
12. October 2019 00:49
Explanation:
Go to HOME --> Azure Active Directory --> Devices --> Device settings.
Open Apple Safari and navigate to Azure Active Directory Device Registration service Over-the-Air Profile endpoint for iOS devices.
https://enterpriseregistration.windows.net/enrollmentserver/otaprofile/<yourdomainname>
Where <yourdomainname> is the domain name that you have configured with Azure Active Directory.
https://enterpriseregistration.windows.net/enrollmentserver/otaprofile/xavierdilipkumar.com
Open Apple Safari and navigate to the Device Registration Service (DRS) Over-the-Air Profile endpoint for iOS devices.
https://adf1s.contoso.com/enrollmentserver/otaprofile
1. Log on to the webpage by using domain account credentials.
2. You are prompted to install a profile. On the Install Profile screen, click Install.
3. When prompted to confirm installation of the profile, click Install Now.
4. If your device requires a PIN to unlock the device, you are prompted to enter your PIN.
5. The profile installation is finished when you see the Profile Installed screen. Click Done.
6. Return to Safari. A message informs you that you can close or leave Safari.
Go to HOME --> Azure Active Directory --> Devices --> All devices
by XDK
12. October 2019 00:39
Explanation:
By default, applications registered in an Azure AD tenant are available to all users of the tenant who authenticate successfully.
To restrict a registered app to assigned users in the Azure AD tenant:
Go to HOME --> Azure Active Directory --> Enterprise applications --> All applications --> <select app> --> Manage --> Properties --> set "User assignment required?" to Yes
by XDK
12. October 2019 00:10
Explanation:
Go to HOME --> Azure Active Directory --> Custom domain names --> Add custom domain --> Enter your custom domain name --> Add domain
To use xavierdilipkumar.com with Azure AD, create a new TXT record with your domain name registrar using the info provided on the screen.
Click Verify.
by XDK
11. October 2019 23:53
Explanation:
A managed domain is the normal domain type in Azure AD and can be deployed through either "Password Hash Sync" or "Pass Through Authentication", with Single Sign On.
A federated domain is used with Active Directory Federation Services (ADFS). The federation trust makes sure that the accounts in the on-premises Active Directory are trusted for use with the accounts in Azure AD with Single Sign On.
Deployed through WS-Fed and WS-Trust:
WS-Fed: This protocol is required to join a device to Azure AD.
WS-Trust: This protocol is required to sign in to an Azure AD joined device.