How to deal with the “Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph” recommendation

The “Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph” Entra ID recommendation has created a bit of a stir recently, so I finally got to put an article around it. Read on to find out how to handle any of the “impacted resources” found in this recommendation, more specifically, which entries to ignore. …

Continue readingHow to deal with the “Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph” recommendation

The strange case of a login loop caused by phantom “proofup” requirements

I experienced an interesting issue the other day. A user was being repeatedly prompted to register his authentication details, and ending up in a redirect loop between the “proofup” page and the login one. Here’s the most interesting part – requiring the user to re-register for MFA allowed him to …

Continue readingThe strange case of a login loop caused by phantom “proofup” requirements

Application management policies add support for Identifier URIs restrictions

Few years back, Microsoft released a set of new policy objects, allowing us to impose restrictions on the credentials used for service principal and application objects. In a nutshell, an application management policy can be used to control the type of credentials that can be configured for any given SP/application …

Continue readingApplication management policies add support for Identifier URIs restrictions

Legacy MFA settings in the Entra portal and how to control them programmatically

Did you know that the legacy MFA settings have been “ported” to the Entra Admin portal? Not only you can access and manage them therein, but you can also take advantage of this integration in order to enable programmatic access to said settings. Read the article to find out how! …

Continue readingLegacy MFA settings in the Entra portal and how to control them programmatically