Help me keep Passwordless sign-in as my default method

Passwordless sign-in with the Microsoft Authenticator app is a great solution for signing in with MFA, while removing our reliance on passwords – as per: "Do you use MFA instead of typing a password?"

However, occasionally something goes wrong with Passwordless sign-in, and a password needs to be entered. When this happens, the default sign-in method switches to using a password and the Authenticator app, and users don’t bother to (or don’t know how to) change it back.

There should be a way to set Passwordless as the default sign-in method, so that even if a password is entered once, the next time a sign-in happens it goes back to using Passwordless.

Figure: Nowhere to set a default sign-in method

Azure DevOps – Show Display Name from Azure AD

We have Azure DevOps connected to Azure AD so that our users can log in with their Azure AD credentials.
Currently, DevOps does not show our users’ Display Name that is set in Azure AD.

Users can change their own name here, but this is not a fix. For the sake of consistency, display names should match the display names used in Azure AD.

Figure: Display Name in Azure AD (with [SSW])
Figure: Display Name in Azure DevOps (missing [SSW])

Azure – app registration secret/certificate logs cannot be forwarded to Azure Monitor

Azure AD Audit Logs are very helpful when diagnosing issues. Similarly, sending these logs to Azure Monitor is very useful for storing logs, and for setting up alerts on certain events.

In Audit Logs, we can see when an app registration secret or certificate is created or deleted.

Figure: Azure AD | Audit Logs app registration secret/certificate logs

However, there is no way to send these logs through to Azure Monitor so that we can set up alerts on these events.

Figure: No option for app registration secret/certificate logs

Help me see changes in the Audit logs for distribution groups

Say you add a user to a group. You should be able to see this change in the Azure AD Audit logs.

Figure: New user added to a distribution group

The Audit log details work great for users. For example, when you make a change to a user in AD and sync with Azure AD (using AAD Connect), you get great visibility of what was changed.

✅ Figure: Good example: Azure AD | [user] | Audit logs | Audit Log Details with Old Value & New Value

Sadly, you can’t see who changed it.

When you make a change to a distribution group in AD (e.g. add a new member) and sync, there are no details at all.

❌ Figure: Bad example – Azure AD | [group] | Audit logs | Audit Log Details shows no details (you can’t see that a new user was added to the distribution group)

Suggestion: Please add the details of who changed what for both users and distribution groups in the Audit logs.