What’s Azure AD? Best go straight to the source for the description! Microsoft says:
“Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud based directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management. Azure AD also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.”
So, in short, you’ll manage cloud identities in Microsoft’s extended ecosystem with AAD. When you use Office 365, Azure or Intune, you’re using AAD implicitly.
You can use the Azure portal to add or modify a few users. Alternatively, you can synchronize your identities from an on-premises Active Directory instance using Azure AD Connect (which replaces DirSync).
Why should you care about it?
In practice, Azure AD typically comes into play for a developer when they need to handle authentication for an app that runs in Microsoft’s ecosystem. If you’re doing anything with Azure or Office 365, chances are you’re already running into different Azure Active Directory errors every now and then! Even for a normal user, who’s doing nothing out of the ordinary, some of the error messages – often starting with AADSTS – might’ve become quite familiar!
So all in all, Azure AD is definitely a worthy topic for a developer like me who spends a lot of his time with SharePoint and Office 365 😁
What are these posts about?
These blog posts handle different configuration tips when using Azure Active Directory. Basically, I’m describing different things you can do to solve different errors with AAD, and how to develop apps using it.
Did I mention errors? Yes – in fact, yes I did! A lot of my posts focus on solving issues with different authentication configurations. You typically encounter an error with a code that starts with “AADSTS” – some typical ones would be AADSTS65001 and AADSTS50011. My blog articles aim to offer solutions to these errors, which are often fixed by fairly simple configuration changes.
This article describes how to fix the “AADSTS500113: No reply address is registered for the application” error. You typically get this error when your app is trying to authenticate your users against Azure Active Directory. I have been posting about different versions of the Azure Active Directory authentication errors (different errors with AADSTS codes) a lot – I’ll need to find a better way to categorize them in the future. But,… Continue reading: How to fix an “AADSTS500113: No reply address is registered for the application” error?
A couple of days ago, I got a comment asking how to fix error AADSTS90008 when developing an application using Azure Active Directory. The error in question was this: AADSTS90008: The user or administrator has not consented to use the application with ID ‘[guid]’. This happened because application is misconfigured: it must require access to Windows Azure Active Directory by specifying at least ‘Sign in and read user profile’ permission.… Continue reading: How to fix “AADSTS90008: The user or administrator has not consented to use the application”?
Have you ever tried to find out the number of users of an enterprise application in your Office 365 tenant? This could be needed for multiple different reasons: maybe your organization is paying for the app and you want to know who’s actually using it, maybe the usage is required by a company policy and it’s useful to know if the organization’s members are actually using it, or maybe you just… Continue reading: How to get the user count for Azure AD Enterprise Application
So, you got an AADSTS50011 error code? It’s just Azure AD’s authentication acting up because of an invalid reply address! Here are a bunch of different reasons that could have led to this error. This post describes the variant where the URL’s case sensitivity differs from what’s configured. For me, the most typical scenario where I run into this error is accessing the app from SharePoint. Problem: In short: When… Continue reading: How to fix “AADSTS50011: Reply address did not match because of case sensitivity.”
I stumbled upon a customer who complained about some pages in their intranet throwing weird authentication errors. Those pages seemed to have one thing in common – there was a Yammer embed (or a SharePoint script webpart with a Yammer embed script in it, to be precise) there. The error code they got was “AADSTS90013: Invalid input received from the user”. Below, you can see an example of the error… Continue reading: Solving error “AADSTS90013: Invalid input received from the user”