Introduction This post is meant to go over the issue when the Azure Active Directory Application Registration delete button is grayed out. This issue could occur for a few reasons, and this document will go over the current known issues with Azure Active Directory Portal issues. This post will mainly go over the issues detailed in the v1.0 endpoint (portal.azure.com). Context Some users will find that they…
Read MoreUnable to Modify User Email, Phone Number, Password or Other Personal Information for Azure Active Directory Users
Introduction This post is in regards to the issues in regards to users having issues modifying Azure Active Directory User attributes such as mail, phone number, resetting passwords, or other personal attributes in user accounts. This will review the reason behind these changes and how to resolve the issue. For many users this was something that was working before and only recently stopped working properly. Reason Behind Change There…
Read MoreHow to filter Fiddler capture traffic using host name and process name
This post discusses a couple of ways to filter Fiddler traffic based on domain names (or host names) and client process(es): Note that before using filter you should make sure Fiddler is configured to capture all processes. This is indicated at the bottom left corner of Fiddler window. That area is clickable to change the selection. Filter traffic using Fiddler’s built-in filter feature: From Fiddler’s right pane –> Filters tab…
Read MoreCapture http(s) traffic with Http Fiddler
1 – Download the Fiddler 4 application and install it on the machine used to reproduce the problem (if you have not already). Go to http://www.telerik.com/download/fiddler 2 – Enable the option to decrypt HTTPS traffic: Tools -> Options -> Https -> select ‘decrypt HTTPS Traffic’ (you may be prompted to install the Fiddler certificate – make sure to select Yes) Ensure this option is checked when collecting the trace as…
Read MoreHow to Add an Azure AD Role to a Enterprise Application (Service Principal)
Introduction This post is to help users be able to assign administrative roles to Enterprise Applications/Service Principals so that they can perform duties that would otherwise require a user with elevated permissions to accomplish. This is convenient when a user wishes to use a service principal in order to reset a password, or to perform some activity that requires admin privileges programmatically without an interactive sign in (using client credentials…
Read MoreHow to Create a New Schema Extension Using the Microsoft Graph Explorer
Introduction This post is to provide a tutorial on how to create a schema extension utilizing the Microsoft Graph Explorer. In this post we will, login to Microsoft Graph Explorer, create the V1 AAD Application, and make the Microsoft Graph Schema Extension call. Getting the Access Token Please navigate to the Microsoft Graph Explorer at : https://developer.microsoft.com/en-us/graph/graph-explorer Once the page loads, on the left, below authentication you will see…
Read MoreTesting B2C Resource Owner Password Credentials ( ROPC ) policies using PostMan
Below are the basic steps for using PostMan to test a B2C Resource Owner Password Credentials ( ROPC ) policy. You will need a set of user credentials along with a Application ID of a B2C Native application that will be used to retrieve the token. Obtain the token endpoint from the B2C ROPC Policy 1. In the portal, locate the B2C blades by searching for B2C, then locate the…
Read MoreGUID Table for Windows Azure Active Directory Permissions
Introduction This blog is meant to help users who need to get the Windows Azure Active Directory Permissions (WAAD) Globally Unique Identifiers (GUIDs) in order to create AAD Applications using the Microsoft Graph API, or for other reasons where they just need to get the GUID for a certain WAAD permission. For further information regarding AAD permissions please refer to the blog post : https://blogs.msdn.microsoft.com/aaddevsup/2018/05/21/finding-the-correct-permissions-for-a-microsoft-or-azure-active-directory-graph-call/ Note: That these GUIDs…
Read MoreHow to Create and Add Keys to Enterprise Applications for Expired Keys
Introduction This article is broken up into a couple of different sections based on what you are trying to do. Trying to modify the service principals credentials typically is meant for accessing an application that is multi-tenanted and the client secret has expired and they need a fix to resolve a wide outage due to an expired client secret. This typically has to do with a key expiring, many people…
Read MoreUsing Postman to call the Microsoft Graph API using Authorization Code Flow
Introduction This article will help guide you through utilizing Postman to call a Microsoft Graph Call using the authorization code flow. This is part of a 5 part blog on accessing the Microsoft Graph API utilizing grant types : authorization code, implicit flow, client credentials, password, and refresh token flow. We will be utilizing the same Microsoft Graph call to reduce extraneous details on having to include setting up and…
Read More