articles/active-directory/authentication/howto-mfa-nps-extension.md
+6 -6 Lines changed: 6 additions & 6 deletions
@@ -222,7 +222,7 @@ Look for the self-signed certificate created by the installer in the cert store,
222
222
223
223
Self-signed certificates generated by the *AzureMfaNpsExtnConfigSetup.ps1* script also have a validity lifetime of two years. When verifying that the certificate is installed, you should also check that the certificate has not expired.
### How can I verify that my client cert is associated to my tenant in Azure Active Directory?
228
228
@@ -248,13 +248,13 @@ Once you run this command, go to your C drive, locate the file and double-click
248
248
249
249
Valid-From and Valid-Until timestamps, which are in human-readable form, can be used to filter out obvious misfits if the command returns more than one cert.
Check that your password hasn't expired. The NPS Extension does not support changing passwords as part of the sign-in workflow. Contact your organization's IT Staff for further assistance.
articles/active-directory/conditional-access/howto-baseline-protect-administrators.md
+3 Lines changed: 3 additions & 0 deletions
@@ -69,6 +69,9 @@ To enable this policy and protect your administrators:
69
69
1. Add any user exclusions by clicking on **Users** > **Select excluded users** and choosing the users that need to be excluded. Click **Select** then **Done**.
70
70
1. Click **Save**.
71
71
72
+
> [!WARNING]
73
+
> There was an option **Automatically enable policy in the future** when this policy was in preview. We removed this option to minimize sudden user impact. If you selected this option when it was available, **Do not use policy** is automatically now selected. If they want to use this baseline policy, see steps above to enable it.
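Review bot: The last sentence of the added WARNING switches from "you" to "they" ("If they want to use this baseline policy"), although the preceding sentence addresses the reader directly. Suggest "If you want to use this baseline policy, see the steps above to enable it." In the same block, "is automatically now selected" reads better as "is now automatically selected". Since the effect is that tenants which opted in during preview now have the policy off, consider leading the warning with that consequence so administrators do not assume the baseline is enforced.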
articles/active-directory/conditional-access/location-condition.md
+4 -1 Lines changed: 4 additions & 1 deletion
@@ -54,7 +54,10 @@ A named location has the following components:
54
54
-**Countries/Regions** - This option enables you to select one or more country or region to define a named location.
55
55
-**Include unknown areas** - Some IP addresses are not mapped to a specific country or region. This option allows you to choose if these IP addresses should be included in the named location. Use this setting when the policy using the named location should apply to unknown locations.
56
56
57
-
The number of named locations you can configure is constrained by the size of the related object in Azure AD. Organizations can configure up to 90 named locations, each configured with up to 1200 IP ranges.
57
+
The number of named locations you can configure is constrained by the size of the related object in Azure AD. You can configure locations based on of the following limitations:
58
+
59
+
- One named location with up to 1200 IP ranges.
60
+
- A maximum of 90 named locations with one IP range assigned to each of them.
58
61
59
62
Conditional Access policy applies to IPv4 and IPv6 traffic. Currently named locations do not allow IPv6 ranges to be configured. This limitation causes the following situations:
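Review bot: The replacement sentence at new line 57 contains a typo, "based on of the following limitations", and the two bullets that follow describe only the extremes (one named location with up to 1200 IP ranges, or 90 named locations with one range each), whereas the removed line gave a single rule ("up to 90 named locations, each configured with up to 1200 IP ranges"). Please fix the typo and state what applies between the two extremes, for example how many ranges are allowed across ten named locations, because readers sizing trusted-IP lists for Conditional Access cannot derive that from the bullets as written.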
articles/active-directory/devices/concept-primary-refresh-token.md
+3 Lines changed: 3 additions & 0 deletions
@@ -60,6 +60,9 @@ The PRT is issued during user authentication on a Windows 10 device in two scena
60
60
61
61
In these scenarios, the Azure AD WAM plugin is the primary authority for the PRT since Windows logon is not happening with this Azure AD account.
62
62
63
+
> [!NOTE]
64
+
> 3rd party identity providers need to support the WS-Trust protocol to enable PRT issuance on Windows 10 devices. Without WS-Trust, PRT cannot be issued to users on Hybrid Azure AD joined or Azure AD joined devices
65
+
63
66
## What is the lifetime of a PRT?
64
67
65
68
Once issued, a PRT is valid for 14 days and is continuously renewed as long as the user actively uses the device.
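Review bot: The added NOTE at new line 64 ends without a period after "Azure AD joined devices", and its wording needs a style pass: "3rd party" should be "Third-party", and "PRT cannot be issued" should be "a PRT cannot be issued" to match the article's usage elsewhere in this hunk ("a PRT is valid for 14 days"). The note would also be more useful if it said what the user experiences when the identity provider lacks WS-Trust, since the visible text only says issuance fails.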
articles/active-directory/fundamentals/active-directory-faq.md
+20 -20 Lines changed: 20 additions & 20 deletions
@@ -31,7 +31,7 @@ For more information, see:
31
31
32
32
*[How Azure subscriptions are associated with Azure Active Directory](active-directory-how-subscriptions-associated-directory.md)
33
33
34
-
- - -
34
+
---
35
35
**Q: What’s the relationship between Azure AD, Office 365, and Azure?**
36
36
37
37
**A:** Azure AD provides you with common identity and access capabilities to all web services. Whether you are using Office 365, Microsoft Azure, Intune, or others, you're already using Azure AD to help turn on sign-on and access management for all these services.
@@ -40,7 +40,7 @@ All users who are set up to use web services are defined as user accounts in one
40
40
41
41
Azure AD paid services like Enterprise Mobility + Security complement other web services like Office 365 and Microsoft Azure with comprehensive enterprise-scale management and security solutions.
42
42
43
-
- - -
43
+
---
44
44
45
45
**Q: What are the differences between Owner and Global Administrator?**
46
46
@@ -52,27 +52,27 @@ By default, the person who signs up for an Azure subscription is assigned the Gl
52
52
53
53
Additionally, Azure AD paid services like Enterprise Mobility + Security complement other web services, such as Office 365 and Microsoft Azure, with comprehensive enterprise-scale management and security solutions.
54
54
55
-
- - -
55
+
---
56
56
**Q: Is there a report that shows when my Azure AD user licenses will expire?**
57
57
58
58
**A:** No. This is not currently available.
59
59
60
-
- - -
60
+
---
61
61
62
62
## Get started with Hybrid Azure AD
63
63
64
64
65
65
**Q: How do I leave a tenant when I am added as a collaborator?**
66
66
67
67
**A:** When you are added to another organization's tenant as a collaborator, you can use the "tenant switcher" in the upper right to switch between tenants. Currently, there is no way to leave the inviting organization, and Microsoft is working on providing this functionality. Until this feature is available, you can ask the inviting organization to remove you from their tenant.
68
-
- - -
68
+
---
69
69
**Q: How can I connect my on-premises directory to Azure AD?**
70
70
71
71
**A:** You can connect your on-premises directory to Azure AD by using Azure AD Connect.
72
72
73
73
For more information, see [Integrating your on-premises identities with Azure Active Directory](../hybrid/whatis-hybrid-identity.md).
74
74
75
-
- - -
75
+
---
76
76
**Q: How do I set up SSO between my on-premises directory and my cloud applications?**
77
77
78
78
**A:** You only need to set up single sign-on (SSO) between your on-premises directory and Azure AD. As long as you access your cloud applications through Azure AD, the service automatically drives your users to correctly authenticate with their on-premises credentials.
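Review bot: At new line 68 the `---` sits directly under the answer paragraph on line 67 with no blank line between them. The old `- - -` was always a thematic break, but `---` immediately below a line of text is parsed by CommonMark-style renderers as a setext heading underline, so the "When you are added to another organization's tenant" answer would render as a level-2 heading instead of being followed by a rule. Add a blank line before the `---` at line 68; the other separators in this hunk (lines 55, 60 and 75) already have one.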
@@ -81,40 +81,40 @@ Implementing SSO from on-premises can be easily achieved with federation solutio
81
81
82
82
For more information, see [Integrating your on-premises identities with Azure Active Directory](../hybrid/whatis-hybrid-identity.md).
83
83
84
-
- - -
84
+
---
85
85
**Q: Does Azure AD provide a self-service portal for users in my organization?**
86
86
87
87
**A:** Yes, Azure AD provides you with the [Azure AD Access Panel](https://myapps.microsoft.com) for user self-service and application access. If you are an Office 365 customer, you can find many of the same capabilities in the [Office 365 portal](https://portal.office.com).
88
88
89
89
For more information, see [Introduction to the Access Panel](../user-help/active-directory-saas-access-panel-introduction.md).
90
90
91
-
- - -
91
+
---
92
92
**Q: Does Azure AD help me manage my on-premises infrastructure?**
93
93
94
94
**A:** Yes. The Azure AD Premium edition provides you with Azure AD Connect Health. Azure AD Connect Health helps you monitor and gain insight into your on-premises identity infrastructure and the synchronization services.
95
95
96
96
For more information, see [Monitor your on-premises identity infrastructure and synchronization services in the cloud](../hybrid/whatis-hybrid-identity-health.md).
97
97
98
-
- - -
98
+
---
99
99
## Password management
100
100
**Q: Can I use Azure AD password write-back without password sync? (In this scenario, is it possible to use Azure AD self-service password reset (SSPR) with password write-back and not store passwords in the cloud?)**
101
101
102
102
**A:** You do not need to synchronize your Active Directory passwords to Azure AD to enable write-back. In a federated environment, Azure AD single sign-on (SSO) relies on the on-premises directory to authenticate the user. This scenario does not require the on-premises password to be tracked in Azure AD.
103
103
104
-
- - -
104
+
---
105
105
**Q: How long does it take for a password to be written back to Active Directory on-premises?**
106
106
107
107
**A:** Password write-back operates in real time.
108
108
109
109
For more information, see [Getting started with password management](../authentication/quickstart-sspr.md).
110
110
111
-
- - -
111
+
---
112
112
**Q: Can I use password write-back with passwords that are managed by an admin?**
113
113
114
114
**A:** Yes, if you have password write-back enabled, the password operations performed by an admin are written back to your on-premises environment.
115
115
116
116
For more answers to password-related questions, see [Password management frequently asked questions](../authentication/active-directory-passwords-faq.md).
117
-
- - -
117
+
---
118
118
**Q: What can I do if I can't remember my existing Office 365/Azure AD password while trying to change my password?**
119
119
120
120
**A:** For this type of situation, there are a couple of options. Use self-service password reset (SSPR) if it's available. Whether SSPR works depends on how it's configured. For more information, see [How does the password reset portal work](../authentication/howto-sspr-deployment.md).
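Review bot: New line 117 has the same setext-heading problem: the `---` follows the "For more answers to password-related questions" line at 116 with no blank line, so that sentence and its link would render as a heading. Insert a blank line before line 117. The separators at lines 84, 91, 98, 104 and 111 in this hunk are preceded by a blank line and are fine.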
@@ -127,7 +127,7 @@ For Azure AD accounts, admins can reset passwords by using one of the following:
**Q: Are accounts locked after a specific number of failed attempts or is there a more sophisticated strategy used?**
133
133
@@ -149,7 +149,7 @@ We do have a gateway that filters requests and provides some protection from bot
149
149
150
150
For a complete list of the pre-integrated applications, see the [Active Directory Marketplace](https://azure.microsoft.com/marketplace/active-directory/).
151
151
152
-
- - -
152
+
---
153
153
**Q: What if the application I need is not in the Azure AD marketplace?**
154
154
155
155
**A:** With Azure AD Premium, you can add and configure any application that you want. Depending on your application’s capabilities and your preferences, you can configure SSO and automated provisioning.
@@ -159,7 +159,7 @@ For more information, see:
159
159
*[Configuring single sign-on to applications that are not in the Azure Active Directory application gallery](../manage-apps/configure-federated-single-sign-on-non-gallery-applications.md)
160
160
*[Using SCIM to enable automatic provisioning of users and groups from Azure Active Directory to applications](../manage-apps/use-scim-to-provision-users-and-groups.md)
161
161
162
-
- - -
162
+
---
163
163
**Q: How do users sign in to applications by using Azure AD?**
164
164
165
165
**A:** Azure AD provides several ways for users to view and access their applications, such as:
@@ -171,7 +171,7 @@ For more information, see:
171
171
172
172
For more information, see [End user experiences for applications](../manage-apps/end-user-experiences.md).
173
173
174
-
- - -
174
+
---
175
175
**Q: What are the different ways Azure AD enables authentication and single sign-on to applications?**
176
176
177
177
**A:** Azure AD supports many standardized protocols for authentication and authorization, such as SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Federation. Azure AD also supports password vaulting and automated sign-in capabilities for apps that only support forms-based authentication.
*[Single sign-on for applications in Azure AD](../manage-apps/what-is-single-sign-on.md)
184
184
185
-
- - -
185
+
---
186
186
**Q: Can I add applications I’m running on-premises?**
187
187
188
188
**A:** Azure AD Application Proxy provides you with easy and secure access to on-premises web applications that you choose. You can access these applications in the same way that you access your software as a service (SaaS) apps in Azure AD. There is no need for a VPN or to change your network infrastructure.
189
189
190
190
For more information, see [How to provide secure remote access to on-premises applications](../manage-apps/application-proxy.md).
191
191
192
-
- - -
192
+
---
193
193
**Q: How do I require multi-factor authentication for users who access a particular application?**
194
194
195
195
**A:** With Azure AD Conditional Access, you can assign a unique access policy for each application. In your policy, you can require multi-factor authentication always, or when users are not connected to the local network.
196
196
197
197
For more information, see [Securing access to Office 365 and other apps connected to Azure Active Directory](../active-directory-conditional-access-azure-portal.md).
198
198
199
-
- - -
199
+
---
200
200
**Q: What is automated user provisioning for SaaS apps?**
201
201
202
202
**A:** Use Azure AD to automate the creation, maintenance, and removal of user identities in many popular cloud SaaS apps.
203
203
204
204
For more information, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md).
205
205
206
-
- - -
206
+
---
207
207
**Q: Can I set up a secure LDAP connection with Azure AD?**
208
208
209
209
**A:** No. Azure AD does not support the Lightweight Directory Access Protocol (LDAP) protocol or Secure LDAP directly. However, it's possible to enable Azure AD Domain Services (Azure AD DS) instance on your Azure AD tenant with properly configured network security groups through Azure Networking to achieve LDAP connectivity. For more information, see https://docs.microsoft.com/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap.