Azure conditional access provides flexible control over access to Office 365 resources and services based on location/user group membership/device etc. If you set up conditional access rules, any user who doesn’t have an Azure AD Premium license will not be affected by them - access is permitted by default!
How to work around this without manually assigning licenses to every user or using a dodgy script? Azure AD has a capability called Dynamic Groups.
Two quick scripts to convert between ImmutableIDs and AD Objects with pipeline capability.
If you landed here, then you are very unlucky. You downloaded AADConnect version 1.1.370.0 with it’s known issue. You don’t have port 9090 open externally, so you don’t get an undocumented error Cannot retrieve single sign on status. Learn more.
But do not fear. Just go and download the latest version.
After you’ve added a domain to Azure AD (or Office 365) using powershell, while connected to your ADFS like this:
New-MsolDomain -Name domaintest.wrish.com -Authentication Federated When you add your verification record and try to verify the domain from the GUI you might get an error like this:
You can’t verify your domain using the GUI when you create the Domain using powershell, instead you have to confirm the domain using powershell while entering all Federation options.
RISH