This is the public repo for Microsoft Entra documentation
License: MIT License
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
![prmerger-automator[bot] avatar](https://avatars.githubusercontent.com/u/22479449?v=4 "prmerger-automator[bot]")
For business that is syncing the Domain Admins to Entra AD (i know this is not recommended) the scripts (and the Entra Ad Connect Tool Trouble-shooter) do not apply the correct permissions to the adminsdholder object.
it seems to just be applying the same permissions as the root directory (where all the normal user objects reside with inheritance) however the domain admin/protected accounts are using adminsdholder for its permission template. this is of course by design however when the permissions get applied to this object (and ultimately copied to the admins ACLS) it is putting the applies to as Descendant User Objects.
It appears though the admin accounts are NOT descendant objects of the AdminSDHolder Object so when the ACL is copied across to the admin user objects it copies it exactly as what adminsdholder has and the permissions do not allow for write access as the ACL isnt applying to this object but rather to descendant objects.
when setting AdminSDHolder to read and write for this object only (for read and write attributes) and apply to the accounts (by manually running sdprop via LDP, the correct permisssions apply and i am able to sync.
hope this makes sense for your team.
Thanks,
Seth
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Docs say
The data won't be backfilled for this property, so you should expect to be returned only successful signIn data starting on 12/8/2023.
is that 12 August 2023?
is that 8 December 2023?
The target is an international audience; different territories use different formats.
This ambiguous date format is unhelpful.
May I suggest 'long date' or ISO 8601 format (YYYY-MM-DD)
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
I am not seeing the promised 2minute sync time from AD to Entra ID.
In fact the audit and provision logs show about 10 minutes between each update.
And in tenants with around 20k objects in scope for sync, a full sync can take two hours, and the size of the agent machine does not seem to impact this in any way.
I NEED a deep dive article explaining how this service does it's magic.
Secondly, it seems odd that a "delta sync" can only be kicked off from powershell or via Graph API, when there is a button for full sync in the portal. Both options would help. And a CLEAR indication that a sync is currently running would also be nice on the front page of any given configuration.
A specifically odd thing I have noticed, is that you can update attributes like the users primary SMTP address in the on-prem for an entire OU, but it can take over an hour for those changes to get synced, even thought it might only have been 100 users, and they will come into Entra ID and the provisioning loss in a slow drip, and then all of a sudden like a ketchup bottle, they all appear.
Sure there is a logical explanation. but having to provision them on demand, and beating the speed of the normal sync, just makes no sense to me at all.
Please add an on-demand OU sync feature instead so we can do an effective update during our M&A projects, where domain cutover etc. demands a quick attribute sync.
Please feel free to reach out for examples etc. I have many agents running in disjoint domains for M&A scenarios.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The page at https://learn.microsoft.com/en-us/entra/identity/authentication/fido2-compatibility details FIDO2 combability with iOS and Android, however this page seems to have an outdated statement:
As of February 2021, FIDO2 is not currently supported for native iOS or Android apps, but it is in development.
Is there any newer guidance?
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
From what I have seen and heard from support you need to be a Privileged Role Administrator or Global admin not Cloud Device Administrator to manage Device administrators
[Enter feedback here]
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
When a user reports fraud during an azure sign in for example to portal.azure.com, an error code shows up on their page which looks like this
Error Code: 500121
Request Id: 07hf610f-249-46sd-a1d7-3ccbdc5d6b00
Correlation Id: fde7a069-5cdf-4439-83a4-0899695ea5d2
Timestamp: 2023-12-01T01:01:11Z
This error code 500121 is not listed on this page.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
i think the sentence "Global Administrator and Global Reader can see all access reviews." should read "Global Administrator and Global Reader can see history reports for all access reviews."
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The word "verify" in heading of the section at the anchor linked below is misspelled.
https://learn.microsoft.com/en-us/entra/identity/hybrid/verify-sync-tool-version#verfiy-connect-sync
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Why do you have the user copy App Federation Metadata Url? The document never says to paste the App Federation Metadata Url?
7. On the Set up single sign-on with SAML page, In the SAML Signing Certificate section, click copy button to copy App Federation Metadata Url and save it on your computer.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Hi team,
Shot in the dark maybe, but trying to reach help.
Here: https://learn.microsoft.com/en-us/entra/external-id/microsoft-account you guys show outdated documentation
It shows B2C images, while you advertise with External ID:
When I try to invite a federated Microsoft account (private [email protected] account) I can accept the invitation (got an email), awesome.
When I finish the user flow (accept permissions and filled in personal stuff), I land at : https://account.activedirectory.windowsazure.com/ ??
How to solve this, how to configure?
But In the users section of entra id, the user has been marked as "Accepted" invitation.
Then I try to login to our own application with the invited user email address.
But I can NOT login afterwards with the same email address.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
References to Azure Windows VM Sign-In appear to be outdated. Cloud App with appid of 372140e0-b3b7-4226-8ef9-d57986796201 now shows as Microsoft Azure Windows Virtual Machine Sign-In.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
[Enter feedback here]
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The content you are editing has changed. Please copy your edits and refresh the page.
We're having trouble rendering your tasklist, it's most likely has one of the following formatting errors:
- [ ] on a line by itself)The 'Enable with Conditional Access policy' section could use some additional wording given recent changes around sign in frequency. Previously the conditions were 'Grant, Require MFA' we have now added sign in frequency as a session control recommendation with no context as to why.
This page has some additional useful wording to explain why which could be re-used; https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-session-lifetime#require-reauthentication-every-time
This line in particular would be good to highlight the consequences of selecting 'every time';
"When administrators select Every time, it will require full reauthentication when the session is evaluated."
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Hi
After looking through the documentation it doesn't appear as if the following scenario is documented:
If we wish to deploy Password Protection for 1 child domain only this seems simple enough and the current documentation is sufficient. What appears to be missing is what happens if we wish to enable the second child domain into its dedicated tenant.
We are unsure if this is a supported scenario, mainly due to the documentation highlighting that a lot of the configuration appears to be forest-wide when we would need 2 different configurations at the forest level.
If this is an unsupported scenario it would be useful to have this highlighted, possibly in the FAQ page? If it is supported it would be useful to point this out at the relevant steps to ensure that we are following accurate guidance and not overwriting the first configuration in the forest.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Question states "Which operations can I perform using managed identities?"
The answers in the subsequent paragraph deals with operations that can be performed "ON" the managed identity itself, not what operations that can be performed "USING" the managed identity against other services.
Given the content of the answer, I would suggest the question be updated to the following:
"Which operations can I perform on managed identities?"
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
My question isn't so much about the documentation, more about the contents - is there somewhere Microsoft recommends we ask those?
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
We've been trying to implement MFA on our VPN (currently using RRAS and the integrated Windows VPN client). Using the registry key to disable TOTP and force out-of-band MFA (Approve/Deny via MS Authenticator push notification, or phone call for those without MS Authenticator) works fine, but Microsoft's own documentation indicates that TOTP is more secure, and we wanted the flexibility of using being able to use TOTP codes and SMS auth, so we set up authentication via PAP to allow for TOTP.
This article gives detailed instructions on setting up NPS/MFA with an RRAS VPN server and Windows client, but doesn't seem to have been updated to reflect the fact that the NPS/MFA combination now supports TOTP when using PAP authentication... but the Windows VPN client doesn't.
Given that the page specifically discusses setting up RRAS to use NPS and Entra ID MFA, and how to configure the Windows 10 VPN client with it, can Microsoft please add something on this page to simply indicate that their own VPN client doesn't support the TOTP feature?
My ticket with Azure (the only way to get this actual answer) pointed me towards using OpenVPN, because apparently an open-source product can get updated to support Microsoft's RADIUS-based TOTP MFA implementation, but Microsoft makes it almost impossible to know that their own Windows VPN client does not support it.
It's OK to not support something, I suppose, but this one really should be mentioned explicitly by Microsoft, as one would expect their products to be at least a bit intercompatible.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
[Enter feedback here]
I need a reference documentation for the REST API of MS Identity Platform. I could not fin exact specification about the details (request/response parameters, error codes). Thanks!
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Workload Identities Premium must be on the Microsoft online service products list.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
It would be hugely beneficial to explain what CBA with federation is, how it differs from native CBA and what the authentication flow looks like. This article is raising a lot of confusion, because federation here can mean a lot of things:
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Test issue. Please assign to author.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Hi there, I would like to know a couple of things that are not documented about Microsoft-managed policies. Perhaps a FAQ page would be useful.
Thanks for helping with some questions I think customers are going to be asking.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Looking for more information around these optional claims and how consumers should relying on them.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
At Enable sensitivity label support in PowerShell section, when run powershell command on step 4, it returns an error:
PS Command:
$params = @{
Values = @(
@{
Name = "EnableMIPLabels"
Value = "True"
}
)
}
Update-MgBetaDirectorySetting -DirectorySettingId $grpUnifiedSetting.Id -BodyParameter $params
Error:
Update-MgBetaDirectorySetting: Cannot process argument transformation on parameter 'DirectorySettingId'. Cannot convert value to type System.String.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
We are currently using Entra Connect Sync and would like to write back Entra ID groups that include Entra Joined Devices to AD as security groups using Group Writeback V2. The documentation stated at one time that this group writeback functionality was going to be removed from Connect Sync after public preview and built into Cloud Sync. The document still suggests using Cloud Sync for Group Writeback V2, but I don't see anything stating that Cloud Sync supports device writeback.
"The security group writeback functionality has been replaced by Microsoft Entra Cloud Sync. Going forward, you should use Microsoft Entra Cloud Sync for this functionality."
Reading further into the document it states that device writeback needs to be enabled:
"Devices that are members of writeback-enabled groups in Microsoft Entra ID will be written back as members of Active Directory. Microsoft Entra registered and Microsoft Entra joined devices require device writeback to be enabled for group membership to be written back."
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Hello,
I've read a number of articles, including this, but not yet found the answer to my question. There is an IIS-based application that is run as some Windows services. It can use an Azure SQL database but currently as a computer account (DOMAIN_NAME\HOSTNAME$). We'd like it to be able to run as an Entra ID account and connect to the Azure SQL database as such. Is it possible to create a managed service account or managed identity in Microsoft Entra ID a Windows service can run as on a computer that is member to a Windows AD domain that is linked to Microsoft Entra ID? I know, it can run as a managed service account (domain\username$), no problem here, but what about running it as a Microsoft Entra ID account, is it possible?
Regards,
Attila
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Hello,
Thank you for this information.
Cameroon is an opt-in country and our organization has users there. Our head office is located in Switzerland where we do not require opt-in.
Could you please clarify and give us answers to the following questions:
Thank you
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Can you in https://learn.microsoft.com/en-us/entra/external-id/customers/overview-customers-ciam#about-azure-ad-b2c include scenario when we have existing AAD B2C Sign-in/sign up custom policies solution, but consider to add new features(such as social signin)?
If we will decide to wait until Entra External ID will be GA, can functionality co-exist, e.g. one application will use AAD B2C and another Entra External ID with common existing B2C tenant?
Will existing AAD B2C tenant be compatible with new Entra External ID requirements https://learn.microsoft.com/en-us/entra/external-id/customers/overview-customers-ciam#create-a-dedicated-tenant-for-your-customer-scenarios?
Are you planning to have a document describing using in parallel AAD B2C and Entra External ID solutions and also migration from AAD B2C to Entra External ID solution?
“Entra External ID “ documentation uses “user flow” term, how it is similar to B2C “user flow” vs “custom policy” concepts?
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
[Enter feedback here]
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
"Privilegd" should of course be "Privileged". There are three instances of this typo, I'm sure you'll have no trouble ctrl+f-ing the offenders.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Hi
Is there further documentation around using WDAC with tenant restrictions? For example there is no documentation to state what the app tag should be.. Just "Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information.
For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230"
That URL goes to a generic page about WDAC and not within context to using it with Tenant Restrictions.
Thank you
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
[Enter feedback here]
Hi
Last time Microsoft change how we can find appliaction when creating CAP policy. In the past the name was DisplayName - now is Name.
So for Microsoft Azure Management app to add to CAP Policy we have to use the name "Windows Azure Service Management API". Can you change your articles ?
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
I have setup an API Driven Inbound Provisioning app and a Client app. I added a custom attribute of type string with multi-valued ON.
The value for this multi-valued attribute is sent in Bulk Upload as below
"urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User": {
"HireDate": "2022-07-01",
"SecondarySubjects": [
{
"subject":"Maths",
"startDate": "2023-01-01",
"endDate": "2024-12-31"
},
{
"subject":"History",
"startDate": "2023-01-01",
"endDate": "2024-12-31"
}
]
The provisioning logs report the following error in Troubleshoot & Recommendations tab.
Export of the object with id = and joining property = to the Microsoft Online Directory Service failed. Reason: Content-Type: multipart/mixed; boundary=changesetresponse_b049bae6-8d90-4eca-b0d8-f582286addc3 --changesetresponse_b049bae6-8d90-4eca-b0d8-f582286addc3 Content-Type: application/http Content-Transfer-Encoding: binary HTTP/1.1 400 Bad Request Content-ID: 2 DataServiceVersion: 3.0; Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8 {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"A value without a type name was found and no expected type is available. When the model is specified, each value in the payload must have a type which can be either specified in the payload, explicitly by the caller or implicitly inferred from the parent value."}}} --changesetresponse_b049bae6-8d90-4eca-b0d8-f582286addc3-- . This operation was retried 0 times. It will be retried again after this date: 2023-12-14T07:53:02.8100328Z UTC
Changing the payload to continues to throw the same error
"urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User": {
"HireDate": "2022-07-01",
"SecondarySubjects": [
"Maths","History"
]
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
We have had a large discussion around what is the actual requirement for a company of 100 users that expect a turnover of 350 employees. It is not clear if I need 351 or 701 licenses to cover a turnover of an employee.
If someone leaves, we need to replace that person. Is that 1 license or 2?
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
We recently added support for group writeback with the cloud sync agent :
This is not reflected in the chart on this page and needs to be added :
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Some users may already be registered, however still receive prompts such as
Trying to understand the causes for this screen continued to lead me to this registration campaign article, however I think its not directly related, as the Authentication Context in the Entra ID logs state:
User authentication was blocked because they need to provide password reset information. Their next interactive sign in will ask them for this, which the app should trigger next.
Can you please describe this parallel feature in a note or link to the relevant documentation at the bottom of the article? If you decide to describe it here, please also explain how frequently these prompts are expected to happen. I have users who have already registered their Authenticator App, and continue to see this screen a few times a year.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The VM Extention AADSSHLoginForLinux seems not to be working on Azure Debian Images.
Not exactly sure if it is an issue with the feature or with the documentation itself on the supported versions.
az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name AADSSHLoginForLinux --resource-group <RGName> --vm-name <MachineName>
VM Extension should be added to the machine and operate normally.
The same config with Ubuntu 22.04 works normally
Too bad. This feature looks promising.
Let me know if you need any further information.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Specifically at this link. It would be handy to understand if another or newer detection (like Malicious IP address for example) is replacing this detection.
Saying a detection is deprecated is fine, and that no more alerts will trigger is fine, but not providing more information to help identify if there will need to be some configuration change to make up for the deprecation makes this tricky.
Looking at the page, an educated guess would lead me to think Malicious IP address is taking over the detection capability of Malware Linked IP address as they seem to offer similar detections based on name alone.
Can this please be clarified? thanks
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Customer is trying to implement the conditional access suggested in the article but cannot find the application "Microsoft Azure management".
The application mentioned above changed to "Windows Azure Service Management API" (appId: 797f4846-ba00-4fd7-ba43-dac1f8f63013).
Can you please update it so customers don't get confused.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Hello
About https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#guest-inviter
We had to open a support request as this Role have some explicit deny or undocumented documentations.
As discussed elsewhere https://techcommunity.microsoft.com/t5/partner-led-tech-topics/getting-403-quot-insufficient-privileges-to-complete-the/m-p/4005729
If you assign the Guest Inviter on a user who already have User Administrator, it break the User Administrator role.
You cannot access the user profil or edit the user profile data in EntraID until you remove the Guest Inviter role.
Can you also write the restriction this role have in addition to its explicit rights in the documentation?
It's mainly for GDAP, not tester from within the tenant itself.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
This note:
Note
If your AD domain is not visible in the Active Directory Domain dropdown list, reload the provisioning app in the browser. Click on View on-premises agents for your domain to ensure that your agent status is healthy.
seems aimed at people who's AD domain is not visible in the drop-down list. However the troubleshooting advice in the second sentence is not helpful, since that "view on-premises agents" doesn't exist[0], if the domain isn't visible.
Furthermore, I have registered a server and I cannot get the domain to appear. Refreshing the page doesn't help. Additional troubleshooting tips, such as checking the event logs[1], or other areas would be helpful, as the current suggestion is confusing and inadequate.
[0]
[1]
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Is Dynamic memberships available in Azure Gov/GCCH?
Is there any known limitations in Azure Gov/ GCCH?
[Enter feedback here]
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Under "Back up your Microsoft Entra Connect configuration" it should be "rollback" not "role-back"
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Missing required extra comma on mapping expression.
correct: FormatDateTime([StatusHireDate], ,"yyyy-MM-ddzzz", "yyyyMMddHHmmss.fZ" )
incorrect: FormatDateTime([StatusHireDate], "yyyy-MM-ddzzz", "yyyyMMddHHmmss.fZ" )
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The sample code for Register the connector using a token created offline does not work.
I've created a .NET 6 console app using the code from the documentation, and instead of obtaining a token we get an error to say the redirect_uri is invalid:
Sign in
Sorry, but we’re having trouble with signing you in.
AADSTS50011: The redirect URI 'http://localhost:60108' specified in the request does not match the redirect URIs configured for the application '55747057-9b5d-4bd4-b387-abf52a8bd489'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.
Troubleshooting details
If you contact your administrator, send this info to them.
Request Id: 64bee792-97ae-4a5a-a407-abf567545000
Correlation Id: 03dfcf9c-cbe8-43d4-9380-5d308a8173e1
Timestamp: 2023-12-06T13:09:06Z
Message: AADSTS50011: The redirect URI 'http://localhost:60108' specified in the request does not match the redirect URIs configured for the application '55747057-9b5d-4bd4-b387-abf52a8bd489'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.
Flag sign-in errors for review: [Enable flagging](https://login.microsoftonline.com/common/debugmode)
If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.
This is the same as 85855, where someone responded saying the redirect needs to be "https://login.microsoftonline.com/common/oauth2/nativeclient", if I update the code to force this url as the redirect url, we get a runtime exception saying the redirect url must be using the loop back address.
Microsoft.Identity.Client.MsalClientException: 'Only loopback redirect uri is supported, but https://login.microsoftonline.com/common/oauth2/nativeclient was found. Configure http://localhost or http://localhost:port both during app registration and when you create the PublicClientApplication object.
This is using the lates version of Microsoft.Identity.Client, and I've also tried using v4.7.1 as specified in the documentation.
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
https://learn.microsoft.com/en-us/entra/external-id/leave-the-organization#why-cant-i-leave-an-organization
This section does not contain how to leave the external organization if its not listed ?
https://techcommunity.microsoft.com/t5/microsoft-teams/wish-to-remove-guest-account-from-ms-teams-desktop-app/m-p/862133
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Please clarify what is the difference between “Microsoft Entra ID for customers” vs “Microsoft Entra External ID”
Are you using them interchangeably? Is one of them temporary name and another official name? Which one is the recommended to use?
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
I have read the 'Token Lifetime' section of this article and am wondering if the following is true:
If a client is not a single-page application (SPA), and a refresh of a refresh token is requested, the expiry date of the new refresh token will not be carried over from the previous refresh token. So it must be that the refresh token can be renewed indefinitely without requiring user interaction, unless timeouts or revocations occur (as mentioned in the 'Token Expiration' section of the same article).
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
When you are providing PowerShell examples in the MS Docs, please explain each parameter and values in the example.
"Add a resource to a catalog with PowerShell"
In the above documentation, I was unable to figure out the values in RED. If you provide comprehensive explanation, it would be easy to understand.
Regards,
Mukesh
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
Please provide some information about How we can get a reminder sent to notify us when a secret is going to expire
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.