How to detect that a user installed an app with installType AVAILABLE - android-management-api

When an app is included in a policy with installType set to AVAILABLE (meaning the app is available to install) how can my EMM server detect that the user has installed the app?

There are two possible ways to check if an app is installed on the device, pub/sub or enterprises.devices.get. The device reports will list all apps installed on the device, not just the ones installed by the user. To pull app reports, you will need to include applicationReportsEnabled in your policy and wait for the device to sync with the server.
Example policy:
{
  "applications": [
    {
      "packageName": "com.adobe.reader",
      "installType": "AVAILABLE"
    }
  ],
  "statusReportingSettings": {
    "applicationReportsEnabled": true
  },
  "debuggingFeaturesAllowed": true
}
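An added example (not part of the original answer) of the server-side check: given the policy and the device resource returned by enterprises.devices.get, it lists which AVAILABLE packages the device reports as installed. POLICY and DEVICE are constructed sample data, and the function names are hypothetical.

```python
# Added example. POLICY and DEVICE are constructed sample data, not real API output.
POLICY = {
    "applications": [
        {"packageName": "com.adobe.reader", "installType": "AVAILABLE"},
        {"packageName": "com.example.notes", "installType": "AVAILABLE"},
        {"packageName": "com.example.vpn", "installType": "FORCE_INSTALLED"},
    ],
    "statusReportingSettings": {"applicationReportsEnabled": True},
}

# Shape of an enterprises.devices.get response, reduced to the fields used here.
DEVICE = {
    "name": "enterprises/EXAMPLE/devices/EXAMPLE",
    "applicationReports": [
        {"packageName": "com.adobe.reader", "state": "INSTALLED",
         "applicationSource": "INSTALLED_FROM_PLAY_STORE", "versionName": "1.0"},
        {"packageName": "com.example.notes", "state": "REMOVED"},
        {"packageName": "com.example.vpn", "state": "INSTALLED",
         "applicationSource": "INSTALLED_FROM_PLAY_STORE", "versionName": "2.3"},
        {"packageName": "com.android.settings", "state": "INSTALLED",
         "applicationSource": "SYSTEM_APP_FACTORY_VERSION"},
    ],
}


def available_packages(policy):
    """Package names the policy offers with installType AVAILABLE."""
    return {app["packageName"] for app in policy.get("applications", [])
            if app.get("installType") == "AVAILABLE"}


def installed_available_apps(policy, device):
    """Map each AVAILABLE package reported as INSTALLED to its versionName.

    Returns None when the device carries no applicationReports yet.
    """
    reporting = policy.get("statusReportingSettings", {})
    if not reporting.get("applicationReportsEnabled"):
        raise ValueError("policy does not set applicationReportsEnabled")
    reports = device.get("applicationReports")
    if reports is None:
        return None
    wanted = available_packages(policy)
    return {r["packageName"]: r.get("versionName") for r in reports
            if r.get("packageName") in wanted and r.get("state") == "INSTALLED"}


if __name__ == "__main__":
    print(installed_available_apps(POLICY, DEVICE))
```

A None result means the device has not yet synced an application report, which is different from an empty result (report present, nothing from the AVAILABLE list installed).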

Related

Visual Studio 2019 can't use Azure US gov AD for authentication in project creation?

Our Azure account is US government. I'm trying to create a new project in VS 2019 with "work or school accounts" authentication. Using "Cloud - Single organization", I provide my domain (e.g. mydomain.onmicrosoft.com). However, it is not able to find my domain because it's looking in microsoftonline.com and not microsoftonline.us (the government domain platform). The error is:
Invalid domain name. No domain metadata was found at 'https://login.microsoftonline.com/mydomain.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml'.
This is happening because it's supposed to use login.microsoftonline.us as opposed to .com.
How can I get this to work with US government domain? I have set the environment to Azure US Government in VS, so I'm not sure where else VS is supposed to look.
Sorry for the late response on this. Spoke with the VS team and the feature that does this while creating new projects currently only works with Azure commercial - this new project experience will work with Azure Government later this year.
In the meantime, you can do auth the way you want with Azure Government - you just can't do it via this new project wizard. In fact, in the latest version of VS 2019, if you select the Microsoft Identity platform as your auth provider, it creates a JSON file like this:
{
  /*
  The following identity settings need to be configured
  before the project can be successfully executed.
  For more info see https://aka.ms/dotnet-template-ms-identity-platform
  */
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "qualified.domain.name",
    "TenantId": "22222222-2222-2222-2222-222222222222",
    "ClientId": "11111111-1111-1111-11111111111111111",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}
You can just go into the Azure Government portal to create your app registration yourself. Then fill in the values in this json file by changing:
Instance: https://login.microsoftonline.us
Domain: your tenant
TenantId: your Azure Gov tenant
ClientId: your Azure Gov app registration ClientID

Not able to use identity platform within iFrame/MS Teams custom tab

I am trying to use identity platform to authenticate users into my custom app that is to be used from within MS Teams.
I am aware that Teams uses iFrame to load the custom apps. So I followed the method mentioned in the FAQs - Q5. I used redirectUri property in the MSALConfig. I am using the index file provided by MS for testing purposes by calling it inside an iFrame tag.
In both cases of acquireTokenSilent and acquireTokenPopup, it gets stuck at the popup window loading the redirect page. The authentication does not complete, and the popup window does not close.
The following steps can unblock the Teams Tab scenario for the desktop/mobile apps.
Manual Steps
Step 1. Ensure you have approved requests in the new API Permission Management Page on the Tenant Admin Site. This creates a client secret behind the scenes.
Step 2. Go to -> https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
Step 3. Click on SharePoint Online Client Extensibility Web Application Principal
Step 4. Click Manifest on the left menu
Step 5. Copy the id from the oAuth2Permission array
"oauth2Permissions": [
  {
    "adminConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on behalf of the signed-in user.",
    "adminConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
    "id": "2143704b-186b-4210-b555-d03aa61823cf",
    "isEnabled": true,
    "lang": null,
    "origin": "Application",
    "type": "User",
    "userConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on your behalf.",
    "userConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
    "value": "user_impersonation"
  }
],
Step 6. Replace “preAuthorizedApplications” entry with the following json
"preAuthorizedApplications": [
  {
    "appId": "00000003-0000-0ff1-ce00-000000000000",
    "permissionIds": [
      "ID OF THE USER_IMPERSONATION Scope"
    ]
  }
],
Step 7. Hit Save.
This issue was solved by changing the implementation to use the new SSO feature instead of the MSAL library.

Where can I enter my app specific password on appcenter.ms testflight integration?

With the new Apple rule explained at https://developer.apple.com/support/account/authentication/:
In an effort to keep your account more secure, two-factor authentication will be required for Account Holders of a developer program to sign in to their Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you're the only person who can access your account.
I am getting the following error when trying to publish my iOS app on the store through the CI at https://appcenter.ms :
{
  "mandatory_update": false,
  "release_notes": "feature/navigator profile (#467)",
  "destinations": [
    {
      "id": "678b39eb-7040-43ca-b903-REDACTED",
      "name": "App Store Connect Users",
      "message": "Failed to publish to store. Error: App specific password is mandatory for 2fa enabled account in service connection id: 5b1a378c-d7bc-4492-5ad6-REDACTED",
      "code": "app_specific_password_missing"
    }
  ],
  "code": "partially_succeeded",
  "message": "Failed to publish to store. Error: App specific password is mandatory for 2fa enabled account in service connection id: 5b1a378c-d7bc-4492-5ad6-REDACTED"
}
I have looked everywhere online and crawled around the different menus without finding anything of interest.
Do you know where I should enter my app-specific password?
You can follow the instructions here: https://learn.microsoft.com/en-us/appcenter/distribution/stores/apple#adding-two-factor-authentication
Specifically:
Adding Two-factor authentication
If your Apple account has two-factor authentication enabled, App Store Connect requires an app-specific password as security. You can add an App-specific password to your account by navigating to Developer accounts in your Account settings.
1. Hover over an item in the Accounts list.
2. Click the three vertical dots on the right side of the list.
3. Select Update app-specific password.
4. Generate an app-specific password using the Apple ID portal.
5. The name is for you to remember which service or app is using the app-specific password.
6. Copy the generated app-specific password and paste it into the dialogue.
7. Save by clicking Update.
This error is coming because of 2-factor authentication; you need to enter the OTP for your Apple App Store ID.
Step 1: Open App Center at https://appcenter.ms/ and click on the Distribute navigation link.
Step 2: Click on Stores.
Step 3: You can see the error message asking you to re-enter your Apple connect credentials for verification; it will ask for an OTP.
Now you can publish your app on the App Store.
I resolved this issue by navigating to https://appcenter.ms/settings/accounts.

Can I publish the client_id.json of my blogger app?

I'm writing a command-line tool in Python to post/edit/delete Blogger posts. Since the authentication uses OAuth2, I've requested API credentials on Google API. They come in the form of a client_id.json file.
{
  "installed": {
    "client_id": "<removed>",
    "project_id": "<removed>",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://www.googleapis.com/oauth2/v3/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_secret": "<removed>",
    "redirect_uris": [
      "urn:ietf:wg:oauth:2.0:oob",
      "http://localhost"
    ]
  }
}
I plan to make the app open source.
If someone has the file, does that mean he can access everyone who allowed the app to manage their blog?
Are separate users expected to generate their own API key?
No, you can't, and here is why.
> I plan to make the app open source.
> If someone has the file, does that mean he can access everyone who allowed the app to manage their blog?
Yes, if someone has your credentials file they can do whatever they want, using your account and possibly spamming your developer account, causing you to lose access to your account. See "Can I really not ship open source with Client ID?"
> Are separate users expected to generate their own API key?
No, anyone who downloads your open source project and wants to use it will be required to make their own credentials file on Google Developer Console. As per the TOS, you are not allowed to share your credentials file with another user.
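An added example (not part of the original thread) of a pre-publish check for the situation discussed above: it scans file contents for JSON shaped like the client_id.json in the question with a populated client_secret, so the file can be kept out of the open-source repository. SAMPLE_FILES is constructed, the function names are hypothetical, and checking a "web" top-level key alongside "installed" is an assumption.

```python
import json

# Constructed sample repository contents; the secret value is made up.
SAMPLE_FILES = {
    "client_id.json": json.dumps({"installed": {
        "client_id": "constructed-id.apps.googleusercontent.com",
        "client_secret": "constructed-secret-value",
        "redirect_uris": ["http://localhost"]}}),
    "client_id.example.json": json.dumps({"installed": {
        "client_id": "<removed>", "client_secret": "<removed>"}}),
    "package.json": json.dumps({"name": "blogger-cli"}),
    "README.md": "Create your own credentials file before first use.",
}


def is_populated(value):
    """True for a non-empty string that is not an angle-bracket placeholder."""
    if not isinstance(value, str) or not value.strip():
        return False
    v = value.strip()
    return not (v.startswith("<") and v.endswith(">"))


def find_client_secret_files(files):
    """Return sorted paths whose JSON holds a populated OAuth client_secret.

    files maps a path to its text. The top-level keys checked are "installed"
    (as in the file above) and "web" (assumed here for web-application clients).
    """
    hits = []
    for path, text in files.items():
        try:
            doc = json.loads(text)
        except ValueError:
            continue  # not JSON, so not a credentials file
        if not isinstance(doc, dict):
            continue
        for kind in ("installed", "web"):
            section = doc.get(kind)
            if isinstance(section, dict) and is_populated(section.get("client_secret")):
                hits.append(path)
                break
    return sorted(hits)


if __name__ == "__main__":
    print(find_client_secret_files(SAMPLE_FILES))
```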

403 Forbidden for Drive requests in Google Apps Marketplace App

Using a Google Apps Marketplace App installed from the Chrome Web Store with a full Drive scope works fine, except that when I unchecked "Allow users to install Google Drive Apps" in Drive settings, I get this error with all Drive interactions:
{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Forbidden",
    "reason" : "forbidden"
  } ],
  "message" : "Forbidden"
}
This makes sense, but reading this announcement I thought installing the App would be whitelisted:
"With today’s launch, Marketplace applications deployed by admins will be able to integrate with Google Drive for users who are provided with the app, even if this Admin Console setting is disabled. In essence, admins can now whitelist the Drive applications that their users can install."
