Month: June 2020
-
Receiving Error “AADSTS900439 – USGClientNotSupportedOnPublicEndpoint”
Problem: This blog provides more information about the error “AADSTS900439 – USGClientNotSupportedOnPublicEndpoint”. This error typically occurs when a user uses a public cloud endpoint to sign in to an application registered in Azure Government sovereign cloud. It is known fact that the official Azure Active Directory (AAD) Authority for Azure Government changed from `https://login-us.microsoftonline.com` to…
-
Using PostMan to request an Azure AD token via SAML Assertion Grant flow
Azure Active Directory (Azure AD) supports an OAuth2 Extension Grant called “SAML Bearer Assertion flow” which allows an application to request an JWT OAuth2 token from Azure AD by providing a SAML Assertion (Token) acquired during an authentication process to a different Authorization Server. As you can imagine in order for this token exchange mechanism…
-
Configure .Net Application to call Microsoft Graph in a National Cloud Tenant
When authenticating with Azure and making a Microsoft Graph request, for commercial tenants, this is all done with the .com endpoints ( https://login.micorosoftonline.com/… and https://graph.microsoft.com ) and your token audience is for the .com endpoint as well. However, when performing the requests against a National Cloud tenant, you must use the appropriate endpoints. In this…
-
Receiving error “Change enumeration is not supported for requested tenant.” from MS Graph Delta query
Problem Customer receives the following error when running an MS Graph delta query, for instance the following: GET https://graph.microsoft.com/beta/users/delta ‘error’: { ‘code’: ‘Request_UnsupportedQuery’, ‘message’: ‘Change enumeration is not supported for requested tenant.’, ‘innerError’: { ‘request-id’: ‘xxx’, ‘date’: ‘2020-05-22T13:17:45’ } } Root Cause This error can happen if the tenant is an Azure AD B2C tenant.…