Troubleshooting AADSTS50105: Your administrator has configured the application Microsoft Graph Command Line Tools (’14d82eec-204b-4c2f-b7e8-296a70dab67e’) to block users unless they are specifically granted (‘assigned’) access to the application.

While working on a recent tenant-to-tenant migration, I wanted to start updating my tooling to work with the new MgGraph cmdlets. Am I the only one that thinks “MgGraph” sounds like a value meal?

Anyway.

During the connection process, I ran into this error:

AADSTS50105: Your administrator has configured the application Microsoft Graph Command Line Tools (’14d82eec-204b-4c2f-b7e8-296a70dab67e’) to block users unless they are specifically granted (‘assigned’) access to the application. 

[ Continue reading ]

Legacy OneDrive for Business folder redirection

As we’re updating the Office 365 Administration Inside Out book (now called Microsoft 365 Administration Inside Out), I came across this chapter I wrote on OneDrive for Business Known Folder Move (KFM). This is the legacy method that won’t work for new deployments, but wanted it documented for posterity so that we could reference it for folks that inherited deployments using it so they know what to roll back.… [ Continue reading ]

Blocking Screen capture

Earlier today, a customer asked me how to block screen capture on Windows 10/11 devices.  Turns out, there are a few things we can do in the box.

Here we go!

Disclaimer: This post discusses modifying the Windows Registry. Please make a backup before changing any settings.[ Continue reading ]

Update to AADConnect Network Communications Test

Today’s a bugfix day! Woo!

One of my peers, @DerrickBaxter, brought a few issues to my attention that I resolved:

  • Updated password write-back endpoints
  • Updated syntax for checking for RODCs
  • Error resolving Administrator Roles
  • Failing Azure AD Credential check functionality that logged both failure AND success

I’ve also updated a few other things, including updating the checks for DCOM/OLE permissions, trusted sites, and execution policies.… [ Continue reading ]

Creating a Symlink on Windows 11

So, I finally got a new device and have been getting it set up the way I use it.

I still do a lot of scripting between authoring, customer assistance, and tooling for the general public.  While I do store all of my scripts in OneDrive, having to navigate to \Users\<username>\OneDrive - Microsoft\Scripts is a pain when you need to do it frequently.… [ Continue reading ]

Blocking voicemail attachment delivery

Today, I was approached by a peer with a particularly interesting situation–blocking a particular type of system-generated message from hitting the mailbox.  In particular, a voicemail.

Background

Voicemail messages in Exchange Online / Teams Phone world are delivered via email to the recipient’s mailbox and generally include the voicemail as an audio attachment in addition to a transcription of the message. … [ Continue reading ]

Manual OAuth Configuration for Microsoft Teams in a Hybrid Scenario

There are times when your organization (or a customer’s organization) just can’t run the Exchange Hybrid Configuration Wizard.  If you’re embarking on one of our strategies to take advantage of Microsoft Teams while your mailboxes are still on-premises, the Exchange Hybrid configuration is the go-to way to get there, since it sets all this stuff up automatically. … [ Continue reading ]