Hi
We're testing 2023.1 and have registed the app per your guide https://adaxes.com/help/RegisterAdaxesAsAppMicrosoftAzure/
When I've tried to use the app registration for both the Cloud Service and domain registation, I've received warnings about the app's permissions.
For the Cloud Service it was
For the Azure domain, it was this
With the permissions from your guide, are there going to be tasks we can't perform?
Thanks
Matt
Hello Matt,
Please, make sure that the Azured AD roles specified in the corresponding section of the following help article are assigned to the application you created: https://adaxes.com/help/RegisterAdaxesAsAppMicrosoftAzure/#assign-roles-to-the-app.
If you assign the roles and API permissions specified in the article, you should be able to manage your Azure AD domain and perform Microsoft 365 tasks with no issues.
Thanks for the reply.
I have followed the instructions from your guide, I just wanted to check though as the Cloud Service is saying "Exchange administrator", whereas the guide says to grant "Exchange recipient administrator".
If that's the required permissions though then the security team will be much happeir :D
Thank you for pointing out the inconsistency. To perform all the tasks in Microsoft 365 and Exchange Online, the application account needs to be assigned to the Exchange administrator and User administrator roles. We will make the corresponding changes in the help article shortly.
Thanks for the clarification :)
Hello, I now i am a little bit late on that conversation. i recently made the upgrade to newest version and connected our Azure tenant to Adaxes. I followed the instructions of the articel.
I don't want to give the app registration global administration rights if it's possible but if I only give the Exchange administrator and User administrator roles i can't add users to groups. (insufficient permissions). Adding Group Administrator didn't help either. It works only with Global Administration and i didn't found any other permissions for the App registrations which would make sense to me.
Regards Tristan
Hello Tristan,
As per our check, it works fine with the permissions granted according to the article and the User administrator and Exchange administrator only roles assigned to the app. Make sure that you granted all the 5 permissions mentioned in the article and granted admin consent for them all.
Thanks for the fast reply,
yes, i have already checked that.
I can change the user attributes, just not adding to groups unless the app has global rights.
The permissions are incorrect. Make sure to grant them according to the article using the manifest. If you still want to grant the permissions manually, select Application, not Dedicated.
we've migrated over to Application ID authentication...can this be updated to utilize this instead?
I'm evaluating Adaxes and so far, there have only been a few hiccups, and I am happy with the feature set. However, I'm a bit dissappointed that it does not seem to be able ... the TODO list for Adaxes? Or, am I just missing something to get them to show up?
We have a hybrid environment with On-Prem AD and Azure AD. We currently have our On-Prem AD registered (See screenshot). For us to take advantage of the Azure AD management feature ... need register Azure AD domain as well as our On-Prem AD at the same time?
Hello, We really like the new Azure AD functionality in Adaxes. Is it possible (or planned) to managed Azure AD Custom Security Attributes (currently in Preview) using Adaxes? We have ... an AAD only user so we'd like to start with Azure attrbiutes if we can.
Currently, it is not possible to manage Azure AD password policies via Adaxes. Cause Microsoft Graph API currently doesn't support password policy management. The issue is outlined here.
