Can I reactivate Azure AD Premium P1 Trial - azure-active-directory

I have already activated the Azure AD Premium P1 trial and it has expired. Can I re-activate it for another 30 days?

Related

Azure SQLMI with AAD - Universal with MFA - sign in logs

We are authenticating SQL MI users with AAD - Universal with MFA and would like to see a log of all sign ins.
Would this be under the AAD/Users/Audit Logs/Sign ins?
We'd like to see a few months' worth of data.
Thanks
In Azure AD only 30 days of sign-in logs for users, managed identities or even service principals are available. After 30 days all the logs, whether audit, activity or sign-in, are flushed out on Azure's end, unless you store the logs every month or every seven days in an Azure storage account or send them to a Log Analytics workspace.
For Azure AD Free edition, sign-in logs are retained only for 7 days. If you upgrade to Azure AD Premium P1 or Azure AD Premium P2 then the sign-in logs of the past 30 days are available.
I created one SQL Server, enabled an Azure AD user and tried signing in with Azure AD Universal with MFA via SSMS and with a managed identity, like below :-
Assigned VMs managed identity access to SQL server:-
SignInLogs of SQL server:-
For managed Identity logs, you can visit here :-
After clicking on try it out, the new sign-in logs page will appear and you can select managed identity to verify whether your managed identity has successfully logged into an Azure SQL server :-
As sign-in logs are only available for 30 days in Azure AD, you can save the logs in the storage account every month by following the steps below :-
Click on Export Data Settings above the sign-in logs page, or Diagnostics Settings > Add diagnostics Settings > Select the required logs > Archive to Storage account > Select your storage account from the Azure AD page, like below :-
OR
Now, all your sign-in and managed identity logs will be stored and populated in your storage account like below :-
Reference :-
How long does Azure AD store reporting data? - Microsoft Entra | Microsoft Learn
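Once sign-in logs are archived to a storage account as described in the answer above, several months of Azure SQL sign-ins can be summarised offline. The following Python sketch is an added example, not part of the original answer: it assumes the archived blobs hold one JSON record per line and that the field names used (category, resultType, properties.userPrincipalName, properties.resourceDisplayName, properties.authenticationRequirement) match the export. The sample records are constructed.

```python
import json
from collections import Counter

SQL_RESOURCE = "Azure SQL Database"  # assumed resourceDisplayName for SQL sign-ins

def _rec(time, upn, resource, result, requirement):
    return json.dumps({"time": time, "category": "SignInLogs", "resultType": result,
                       "properties": {"userPrincipalName": upn,
                                      "resourceDisplayName": resource,
                                      "authenticationRequirement": requirement}})

# Constructed sample blob content: one JSON record per line, plus a truncated line.
SAMPLE_BLOB = "\n".join([
    _rec("2023-01-14T08:02:11Z", "alice@contoso.example", SQL_RESOURCE, "0", "multiFactorAuthentication"),
    _rec("2023-01-20T17:45:03Z", "alice@contoso.example", SQL_RESOURCE, "50126", "multiFactorAuthentication"),
    _rec("2023-02-02T09:10:44Z", "bob@contoso.example", SQL_RESOURCE, "0", "singleFactorAuthentication"),
    _rec("2023-02-02T09:12:00Z", "bob@contoso.example", "Microsoft Graph", "0", "singleFactorAuthentication"),
    '{"time": "2023-02-03T00:00:00Z", "category": "SignInLo',
])

def parse_records(text):
    """Return (records, skipped): SignInLogs records and the count of unparsable lines."""
    records, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # a partially written blob line must not abort the report
            continue
        if rec.get("category") == "SignInLogs":
            records.append(rec)
    return records, skipped

def summarize(text, resource=SQL_RESOURCE):
    """Count sign-ins to `resource` per (YYYY-MM, user, outcome, MFA required)."""
    records, skipped = parse_records(text)
    counts = Counter()
    for rec in records:
        props = rec.get("properties", {})
        if props.get("resourceDisplayName") != resource:
            continue
        outcome = "success" if str(rec.get("resultType")) == "0" else "failure"
        mfa = props.get("authenticationRequirement") == "multiFactorAuthentication"
        counts[(rec["time"][:7], props.get("userPrincipalName"), outcome, mfa)] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_BLOB)
    for key, n in sorted(counts.items()):
        print(key, n)
    print("unparsable lines:", skipped)
```

Rows where the MFA flag is False for the SQL resource are the ones worth reviewing when every SQL MI user is expected to sign in with MFA.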

Users from on-prem AD aren't synced to Azure AD as Guest

I have a setup where I have installed the Azure AD on-prem cloud provisioning agent on a Domain joined server. The setup was successful. I followed the documentation here:
https://learn.microsoft.com/en-us/azure/active-directory/cloud-provisioning/how-to-prerequisites
After configuring the agent in Azure AD, users can only be synced as Member.
Is there a way to sync users as Guest using the provisioning agent?
Also, is there a Microsoft Graph API to validate the agent and do the configuration?
On-prem AD isn't synced to Azure AD as Guest; those synced users cannot be Guest users, and this is by design.
You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest user must then redeem their invitation to access resources. Any user synced via AD Connect will not be a guest user.

How to join Azure VM to AAD in a scripted way?

Clarification: This is about joining to Azure Active Directory - but not the Directory Services under the AAD.
I have a Server 2019 Azure VM - not joined to any AAD. The subscription is tied to Tenant X. I would like to "Azure AD join" this VM to a different AAD, belonging to Tenant Y. The scenario is to enable a user from tenant Y to use his/her credentials to log in to this VM.
If you have ideas on how to do this in a scripted way in the same tenant, that is welcome too.

View Azure portal AAD sign-in logs and activity audit logs in 1 single view for multiple subscriptions

When having multiple Azure subscriptions, can we view Azure portal AAD sign-in logs and activity audit logs in 1 single view, instead of per Azure subscription? If yes, how? Thanks a lot!
Both the sign-ins and audit logs require the limited user roles to access them, and the sign-ins require an Azure AD license, which must be an Azure AD Premium license. But neither of them has any requirement to display its activities per Azure subscription. For this, you can see directly from the columns in the audit logs and sign-ins.

Azure AD B2B in Azure Government

Is there any way to use Azure AD B2B in Azure Government?
Previously, when I clicked on "New user" and typed in a user from a different tenant (e.g. someguest#someothercompany.com), it would tell me the user would be added as a guest but, unlike Azure AD B2B in Azure commercial, it wouldn't send an email notification.
Now there's a separate "New guest user" button that's grayed out in Azure Government. Are there any conditions under which this button would show enabled? Or is there any other way to add a user from a different Azure AD tenant to my Azure AD Gov tenant?
Azure AD B2B is not yet supported in Azure Government. Support this ask by voting for it in the Azure Government feedback forum: Azure AD B2B in Azure Government
Azure Gov tenants cannot communicate with each other. You cannot even switch CSPs for your Gov tenant.
There is kind of a hack for getting this to work.
Create two different AD servers in Azure, then use AD Sync/Dir Sync with those two different ADs. Then have a site-to-site VPN to those different Azure ADs.
