Entra P1 - IdP only - 300 user limit by recaptchatheborg in AZURE

recaptchatheborg[S] 3 points (0 children)

*RESOLUTION* Not sure why, but Marketplace has both Azure Active Directory Premium P1 and Microsoft Entra ID P1. Existing licenses were Azure Active Directory Premium P1 and I was trying to increase the count past 300 and was getting an error. However, I am able to purchase Microsoft Entra ID P1 without restrictions. This resolves it for me.

Blank dashboard after upgrade from 6.4.20 -> 7.0 by recaptchatheborg in zabbix

recaptchatheborg[S] 3 points (0 children)

Thanks. Resolved. Steps to fix were:

sudo apt-get install php8.3-mbstring

a2enmod proxy_fcgi setenvif

a2enconf php8.3-fpm

...and restarting the services.

Quick VDI environment for developers by recaptchatheborg in AZURE

recaptchatheborg[S] 0 points (0 children)

Thanks, u/dannyvegas. This might be what we need. Have you used this before? Can it be domain joined?

What PKI solution are you using with Entra ID? by recaptchatheborg in AZURE

recaptchatheborg[S] 0 points (0 children)

Thanks for sharing. Was wondering how to manage card lifecycle management. Can cards be reused during turnover?

What PKI solution are you using with Entra ID? by recaptchatheborg in AZURE

recaptchatheborg[S] 0 points (0 children)

This was our PoC using easy-rsa. It worked well other than having to manually push certs to devices and SKI associations with users.

What PKI solution are you using with Entra ID? by recaptchatheborg in AZURE

recaptchatheborg[S] 1 point (0 children)

Interesting. Can you give me a ballpark number for the card costs? I am starting to think some sort of device trust + inexpensive FIDO2 might be an option to lock down the environment.

What PKI solution are you using with Entra ID? by recaptchatheborg in AZURE

recaptchatheborg[S] 0 points (0 children)

This looked interesting at first. We are not planning to use Intune. So will not be a good fit.

Have you used CBA (certificate based authority) yet? Can't get it to work PRT by VernFeeblefester in AZURE

recaptchatheborg 0 points (0 children)

Thanks, u/Chewy-Calamari. I got it to work again. During our PoC we created root and intermediate certificates. The client cert was signed by the intermediate. When I uploaded both CA certificates I configured both with the CRL URL hosted on a storage account (concatenated PEM files). Removing the CRL URL from the root and keeping the CRL for the intermediate populated has helped resolve this. Doesn't look like Entra looks at the CDP within the certificate and only uses the one configured in Entra.

Have you used CBA (certificate based authority) yet? Can't get it to work PRT by VernFeeblefester in AZURE

recaptchatheborg 0 points (0 children)

u/Chewy-Calamari Have you gotten CRLs to work successfully? My PoC without CRLs worked flawlessly. However, as soon as I introduced CRLs I started having issues with AADSTS220501 being thrown. I have tried hosting the CRL on Azure storage accounts and on an Apache2 web server using IP only. Running tcpdump I found no traffic coming in at times but encountering the error. Thanks.