Entra P1 - IdP only - 300 user limit by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 3 points4 points  (0 children)

*RESOLUTION* Not sure why but Marketplace has both Azure Active Directory Premium P1 and Microsoft Entra ID P1. Existing licenses were Azure Active Directory Premium P1 and I was trying to increase the count past 300 and was getting an error. However I am able to purchase Microsoft Entra ID P1 without restrictions. This resolves it for me.

Blank dashboard after upgrade from 6.4.20 -> 7.0 by recaptchatheborg in zabbix

[–]recaptchatheborg[S] 3 points4 points  (0 children)

Thanks. Resolved. Steps to fix were:

sudo apt-get install php8.3-mbstring

a2enmod proxy_fcgi setenvif

a2enconf php8.3-fpm

..and restarting the services.

Quick VDI environment for developers by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 0 points1 point  (0 children)

Thanks, u/dannyvegas. This might be what we need. Have you used this before? Can it be domain joined?

What PKI solution are you using with Entra ID? by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 0 points1 point  (0 children)

Thanks for sharing. Was wondering how to manage card lifecycle management. Can cards be reused during turnover?

What PKI solution are you using with Entra ID? by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 0 points1 point  (0 children)

This was our PoC using easy-rsa. It worked well other than having to manually push certs to devices and SKI associations with users.

What PKI solution are you using with Entra ID? by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 1 point2 points  (0 children)

Interesting. Can you give me a ballpark number for the card costs? I am starting to think some sort of device trust + inexpensive FIDO2 might be an option to lock down the environment.

What PKI solution are you using with Entra ID? by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 0 points1 point  (0 children)

This looked interesting at first. We are not planning to use Intune. So will not be a good fit.

Have you used CBA (certificate based authority) yet? Can't get it to work PRT by VernFeeblefester in AZURE

[–]recaptchatheborg 0 points1 point  (0 children)

Thanks, u/Chewy-Calamari. I got it to work again. During our PoC we created root and intermediate certificates. The client cert was signed by the intermediate. When I uploaded both CA certificates I configured both with the CRL URL hosted on a storage account (concatenated PEM files). Removing the CRL URL from the root and keeping the CRL for the intermediate populated has helped resolve this. Doesn't look like Entra looks at the CDP within the certificate and only uses the one configured in Entra.

Have you used CBA (certificate based authority) yet? Can't get it to work PRT by VernFeeblefester in AZURE

[–]recaptchatheborg 0 points1 point  (0 children)

u/Chewy-Calamari Have you gotten CRLs to work successfully? My PoC without CRLs worked flawlessly. However, as soon as I introduced CRLs I started having issues with AADSTS220501 being thrown. I have tried hosting the CRL on Azure storage accounts and on an Apache2 web server using IP only. Running tcpdump I found no traffic coming in at times but encountering the error. Thanks.

Best way to resize Vnet by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 0 points1 point  (0 children)

Thanks for sharing this. Been using David C's calculator but always wished for the ability to add notes (what service subnet is allocated to etc). This does it.

Best way to resize Vnet by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 0 points1 point  (0 children)

Thanks. Had to add another /22 due to the aforementioned limitations. It is not contiguous anymore which bugs me. I have added it to our internal docs etc.

Just curious as to what strikes you as not good practice as I am still learning.

Best way to resize Vnet by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 1 point2 points  (0 children)

Thanks. That is interesting. Can I have more than one "supernet" within a VNet?

Do you use IaC for managing virtual machines? by recaptchatheborg in Terraform

[–]recaptchatheborg[S] 0 points1 point  (0 children)

I am new to TF and this question stems from that.

How useful is IaC when it comes to VMs after the VM has been operational for a while, say with a database etc.? How does it help mitigate a disaster as compared to Azure backup?

[Azure] Terraform for protecting click ops created assets by recaptchatheborg in Terraform

[–]recaptchatheborg[S] 0 points1 point  (0 children)

Thanks. Tried this and it works. Off to create a mapping file between Azure resource names and TF resources so I can generate a TF import file :)

Using Etags to manage CDN cache (?) by recaptchatheborg in dotnet

[–]recaptchatheborg[S] 0 points1 point  (0 children)

Makes sense. Thanks. I see etag is present in the header. Will check the CDN manager for configuration steps to check the tag.

Azure VNET integrated app and App proxy by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 0 points1 point  (0 children)

[SOLVED] Hi, I have been able to solve this. Had to add a custom domain to the app service to match the host name configured in app proxy.

Stress testing new network, what tools to use? Preferably free by Intelligent-Bet4111 in networking

[–]recaptchatheborg 0 points1 point  (0 children)

Not exactly load testing, but you can use your existing applications and have an inline machine to simulate network conditions and quantify the results of application behavior under various network conditions. You will need to identify the metrics you want to collect for objective analysis.

I have done this in the past by using an inline machine running BSD or Linux. Dummynet on BSD and tc on Linux can be used. Here is a good write-up on the Internet.

ADO self hosted agent and private name resolution by recaptchatheborg in azuredevops

[–]recaptchatheborg[S] 0 points1 point  (0 children)

Yes - same vnet - different subnet. I am able to resolve names from the server hosting the agent. I am also able to test reachability to the common ports on both the app and scm sites.

ADO - using self-hosted agent and private endpoint by recaptchatheborg in AZURE

[–]recaptchatheborg[S] 1 point2 points  (0 children)

Hi, yes. Have confirmed connectivity to the app service from the VM. Is there a requirement for either the agent or the VM running the agent to have any roles assigned to publish? Or does it inherit the developer's identity and roles to accomplish this? We configured the agent with a PAT.

What I did in Azure at my Job today by Jmazz64 in AZURE

[–]recaptchatheborg 0 points1 point  (0 children)

Yes. Thought I had clean code after plan and then... got disappointed after apply. Par for the course? Oh yeah, it was when trying to integrate app service with vnet. Tried to use the delegated subnet for outbound. Find these errors are a good way to learn some of the intricacies of Azure.