Introduction to Azure AD: Part 1

After having some discussions about this technology, I have decided to write a series of posts about it and about which options we have depending on the scenario we are involved in, so let’s start!

Today, I’m going to talk about Azure AD, which probably everyone knows by now, but in case you don’t, this post is also for you. Azure AD stands for Azure Active Directory, which is basically a cloud identity provider service, or Identity as a Service. In other words, it’s a simpler version of the typical Active Directory that almost every company has.

What is the main purpose? To extend your AD to support the cloud and to allow business users to work with cloud applications. As simple as that.

As you can imagine, when we are using Azure AD we are relying on Azure. But when we are using O365, we are also using Azure AD to store the synchronized identities in the cloud (in case we have configured the synchronization between OnPrem and the cloud). So even if you don’t have an Azure subscription to host services, you can go to the Azure portal, open Azure Active Directory and manage your users.


So, to summarize, if we have O365, we also have Azure AD, and we can manage the users from the O365 portal and from the Azure AD portal. In addition to that, managing users in the Azure AD portal gives us a lot of possibilities, such as conditional access, identity protection, etc. But to use some of these features, we need a valid license.

Licenses in Azure AD are divided into Free, Basic, Premium 1 and Premium 2, and each has some interesting features. In the following link, you can take a closer look at each of these features:

As we can see, depending on what we want to use, we will need a different license. We also have to take into account that every user who will use these “premium” features will need a valid license, so keep this in mind when you are planning to implement a service like this in your business.

As we can see, up to here Azure AD is easy peasy, but now comes the fun part: have you ever realized that Azure AD is divided into Azure AD, Azure B2B and Azure B2C? So, in the next post I will try to focus more on B2C and B2B, to at least show my view of this technology and possible use cases.

For more info:


Are you looking for Flow resources?

If you are looking for Flow resources and you cannot find anything, the following post has the right material for you.

It has a lot of material ordered by level of understanding (from beginner to advanced) and even some material for SPO and O365 administrators.


Private Teams will be discoverable in Search

Nowadays, if you want to join a Private Team, the only way to do it is by being invited by an admin of the group. But this will change in the next few days. I found the following announcement in my tenant:


So, it will be possible to find the groups in SharePoint Search or even by searching for the groups in the Microsoft Teams app. I think this makes sense: you find the group and, if necessary, you request access to it.

The only thing that needs to be taken into account is the naming policy that the groups will have. If you don’t want a certain group name to be visible in your tenant, check it beforehand and, if necessary, run the Set-UnifiedGroup command with the attribute HiddenFromAddressListsEnabled set to $true.
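A report-first way to do that check, as an added example that is not part of the original post: it lists private Microsoft 365 groups whose display names match patterns you consider sensitive and, only when called with -Apply, sets HiddenFromAddressListsEnabled on them. The function name, the name patterns and the -Apply switch are assumptions, and an Exchange Online PowerShell session (Connect-ExchangeOnline) must already be open.

```powershell
# Added example. Function name, patterns and -Apply switch are hypothetical.
# Requires the ExchangeOnlineManagement module and an open session:
#   Connect-ExchangeOnline
function Get-SensitivePrivateGroup {
    param(
        # Constructed sample patterns; replace with names your naming
        # policy says should not be discoverable.
        [string[]]$NamePattern = @('merger', 'layoff', 'legal', 'hr-'),

        # Without -Apply the function only reports and changes nothing.
        [switch]$Apply
    )

    # Build one case-insensitive alternation from the literal patterns.
    $regex = ($NamePattern | ForEach-Object { [regex]::Escape($_) }) -join '|'

    $hits = Get-UnifiedGroup -ResultSize Unlimited | Where-Object {
        $_.AccessType -eq 'Private' -and
        -not $_.HiddenFromAddressListsEnabled -and
        $_.DisplayName -match $regex
    }

    foreach ($group in $hits) {
        if ($Apply) {
            # The setting named in the post above.
            Set-UnifiedGroup -Identity $group.PrimarySmtpAddress `
                -HiddenFromAddressListsEnabled $true
        }

        # Emit one record per matching group for review or export.
        [pscustomobject]@{
            DisplayName = $group.DisplayName
            Address     = $group.PrimarySmtpAddress
            Changed     = [bool]$Apply
        }
    }
}

# Review first, then re-run with -Apply once the list looks right.
Get-SensitivePrivateGroup | Format-Table -AutoSize
# Get-SensitivePrivateGroup -Apply | Export-Csv .\hidden-groups.csv -NoTypeInformation
```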

It’s great to see how Microsoft is improving all the collaboration tools 🙂


Microsoft Support and Recover Assistant for Skype for Business

If you are still thinking that Skype for Business is already dead, Microsoft is telling you the contrary: they are still improving their tools to do their best.

One of these improvements is in SaRA. This tool can fix many problems, or at least it tells you how to fix them.


The most important thing here is that support for Skype for Business has been added. If you want to dig deeper into this tool, you can find more information in the following post: SaRA


Enable users to sync IRM-protected files with the OneDrive sync client

While I was searching for information for a customer about IRM and AIP, I came across the following post on MS Support:

It explains a new feature, currently in Preview, which allows syncing libraries with ODFB even though these libraries are protected with IRM. I found it great, so I decided to share it 🙂


Internal Server Error while creating SharePoint Online Team Site

Today I bring a weird error. It has been hard to follow the error and reproduce it, but finally I have been able to solve it. The error was the following:

  • The user tries to create a SharePoint Team Site from the portal.
  • The user selects a Team Site and starts to fill in the parameters.
  • The problem here is that it gets stuck on the “Checking” action that verifies whether or not the site exists, and after a few moments it shows a message to exit from the site creation page. If the user selects “Stay on this webpage” the system does nothing, but if the user selects “Exit from this page” it automatically fires the following error:
  • 500 Internal Server Error, a great error, taking into account that we are talking about SharePoint Online…

Things that I checked before finding a solution…

  • Check if the problem was reproduced with other browsers… I tested with IE, Edge, Chrome, Firefox and Safari; all of them had the same behaviour.
  • Check if the client has configured a group to restrict the creation of O365 groups.
  • Check if it happens with all the users: yes, it happens.
  • Check if it happens with global administrators: no, the GAs were able to create the groups.

After digging a lot, I decided to check the traces with Fiddler. There I was able to see a kind of redirection in the traces, so I decided to go to the Home of the SharePoint tenant and check the site collection features at that level.

I was reviewing which features were activated, in order to try to clarify what was causing that error. After checking all the features, I decided to deactivate the feature “Limited-access user permission lockdown mode”.


I remember that this feature gave me some problems in the past while I was involved in OnPremises projects where we were deploying anonymous portals, so I decided to deactivate the feature.

After deactivating the feature, I checked the creation of SharePoint Team Sites with the user that was giving me problems at the beginning… and BAM! Problem solved!! Wiiiiiii

So I wonder whether this SharePoint Team Site creation page has something to do with anonymous permissions or something like that. It has been a weird problem, but finally the mystery has been resolved.


SPO – Which MP should I use for Search?

This is a reminder for myself: sometimes I forget which type of Managed Property I have to use in SPO in order to search with the CQWP. Depending on the type of column, you will need to use a different type of preset Managed Property.

| Managed property name | Data type for mapping |
| --- | --- |
| RefinableDate00 – RefinableDate19 | Dates. |
| RefinableDecimal00 – RefinableDecimal09 | Numbers with max three decimals. |
| RefinableDouble00 – RefinableDouble09 | Numbers with more than three decimals. |
| RefinableInt00 – RefinableInt49 | Whole numbers. |
| RefinableString00 – RefinableString99 | Strings, Person or Group, Managed Metadata, Choice and Yes/No |

So, after you have configured this, you’re ready to go. Remember that before you can configure an MP, the column needs to contain values so that it can be crawled and the correct mapping can then be made.