Azure AD Premium to Basic - azure-active-directory

We currently signed up for an Azure AD Premium subscription specifically to allow self-service password management for our O365 users. Upon evaluation, it appears an AD Basic subscription may be better suited to our needs. Does anyone have information about converting the subscription from Premium to Basic?
Thanks,
-Tony V

You should be able to simply add the subscription to AAD Basic, re-license your users (e.g. using AAD PowerShell), and then cancel the AAD Premium subscription.

Related

Multi-tenant Azure AD User Sync

I'm trying to figure out the best way to replicate an LDAP sync or a tool like Azure AD Connect, but for multiple Azure AD tenants to a single Azure AD B2C tenant. When a user is created in an Azure AD tenant, it needs to sync over to the Azure AD B2C tenant. I need the user to exist in the B2C tenant before that user ever tries to log in, so I can't just point to the Azure AD tenant as the IDP. This is because not all of the users of the AD tenants will log in, but we will want to show the admin of that tenant all the users.
I've reached out to Microsoft's Azure architects but haven't gotten much feedback on the best approach. Looking for any examples or documentation on the best way to achieve this.

One way would be to develop a SCIM service that provides an endpoint for Azure AD to connect to.
The SCIM service would then call the Graph API to perform the user CRUD in B2C.
This is because B2C has no native SCIM support.
There is a Microsoft sample for the service that you could use, described here.
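
The translation step such a SCIM service performs between the SCIM endpoint and the Graph API, as an added example that is not part of the original answer or of the Microsoft sample. The function names, the placeholder tenant domain `example-b2c.onmicrosoft.com`, the alias scheme and the random-password choice are assumptions; the returned dictionaries are the bodies the service would send to Graph to create or update the user.

```python
import secrets

ALLOWED_PATCH = {"active": "accountEnabled", "displayname": "displayName",
                 "name.givenname": "givenName", "name.familyname": "surname"}

def _as_bool(value):
    # Provisioning clients may send booleans as the strings "True"/"False".
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"not a boolean: {value!r}")

def scim_user_to_graph(scim, b2c_domain="example-b2c.onmicrosoft.com"):
    """Map a SCIM 2.0 User resource to a Graph create-user body (hypothetical helper)."""
    user_name = scim.get("userName", "")
    # Keep the source domain in the alias so alice@a.example and alice@b.example
    # from different source tenants cannot collide in the single B2C tenant.
    alias = "".join(c if c.isascii() and (c.isalnum() or c in ".-") else "_"
                    for c in user_name)
    if not alias.strip("_.-"):
        raise ValueError("userName is missing or unusable")
    name = scim.get("name") or {}
    body = {
        "accountEnabled": _as_bool(scim.get("active", True)),
        "displayName": scim.get("displayName") or user_name,
        "givenName": name.get("givenName"),
        "surname": name.get("familyName"),
        "mailNickname": alias,
        "userPrincipalName": f"{alias}@{b2c_domain}",
        # Assumption: random, never-disclosed password; suffix satisfies complexity.
        "passwordProfile": {"password": secrets.token_urlsafe(24) + "aA1!",
                            "forceChangePasswordNextSignIn": False},
    }
    return {k: v for k, v in body.items() if v is not None}

def scim_patch_to_graph(patch):
    """Map SCIM PatchOp operations to a Graph update body, allow-listed paths only."""
    body = {}
    for op in patch.get("Operations", []):
        verb, path = str(op.get("op", "")).lower(), str(op.get("path", "")).lower()
        if verb not in ("add", "replace") or path not in ALLOWED_PATCH:
            # Reject rather than forward: the SCIM caller must not reach
            # arbitrary Graph properties such as passwordProfile.
            raise ValueError(f"unsupported operation: {verb} {path}")
        value = op.get("value")
        body[ALLOWED_PATCH[path]] = _as_bool(value) if path == "active" else value
    return body
```

The allow-list in `scim_patch_to_graph` is the security-relevant part: the service holds Graph credentials for the B2C tenant, so it should translate only the attributes it expects instead of passing SCIM paths through.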

What are the benefits of using Azure AD B2C tenant now that External Identities are now available in regular Azure AD?

Now that I can let users sign up for a regular Azure AD tenant with Google, Facebook, etc. accounts, what advantages does Azure AD B2C still offer? I know one big disadvantage they have is not offering application roles.

To understand why we need to use Azure B2C, I think you need to learn the differences between AAD and AAD B2C.
We can say AAD is mainly for employees and B2C is mainly for customers.
Although we can add guests into regular Azure AD, we can't use an AAD tenant for millions of customers.
Separating the management of customers and employees is an important role of B2C.
There are several other reasons why we use B2C. For details, you can refer to this good answer.

Terraform provider Azure - how to manage Identity and Access Management (Azure AD)?

Is it possible to manage users and groups using Terraform?
Operations such as MFA, user-types, Authentication methods, Registration, notification, User settings, group settings, and Device settings.

Yes, you can use Terraform to integrate with Azure AD and manage users and groups in Azure AD. At the same time, Terraform supports a number of different methods for authenticating to Azure AD.
Please see here.

Single Sign On for Jasper Server with Azure AD

I'm setting up Single Sign On for Jaspersoft Server to work with Azure AD. I found that in the Azure Marketplace Jasper Server is supported:
https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.jasperserver?tab=Overview
but I can't find any related documentation anywhere. I think my approach may not be correct.
Any advice is really appreciated.
Thanks

The app today can be used with Azure AD for password-based SSO.
This doc talks about password SSO. If Jaspersoft supports SCIM, AAD can do provisioning to them.
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-sign-in-problem-password-sso-gallery#configure-the-application-for-password-single-sign-on

View Azure portal AAD sign-in logs and activity audit logs in 1 single view for multiple subscriptions

When having multiple Azure subscriptions, can we view Azure portal AAD sign-in logs and activity audit logs in 1 single view, instead of per Azure subscription? If yes, how? Thanks a lot!

Both the sign-ins and the audit logs require limited user roles to access them, and the sign-ins also require an Azure AD Premium license. But neither of them has any requirement tied to Azure subscriptions for displaying activities. You can see this directly from the columns in the audit logs and sign-ins.
