Identity & Authentication | Microsoft Community Hub

Forum Widgets

Latest Discussions

onmicrosoft.com accounts
Hi, looking to understand more about the onmicrosoft.com domain in O365 tenants, which I've seen some info https://support.office.com/en-us/article/About-your-initial-onmicrosoft-com-domain-in-Office-365-b9fc3018-8844-43f3-8db1-1b3a8e9cfd5a. We are looking to cleanup users in our tenant that was created quite some time ago. We have hundreds of users with the onmicrosoft.com instead of our company's domain that we've since added. How have others done this cleanup? Do you mass delete all users with the onmicrosoft.com emails? Is it correct to assume that all the .onmicrosoft.com accounts were added prior to us adding our company's domain? What happens when you swith the default from onmicrosoft.com to your companys primary domain?
Solved
Erin Scupham
Copper Contributor
Aug 31, 2016
350KViews
2likes
14Comments
MFA Shows Disabled, But Being Used
When I visit Azure Active Directory -> Users -> Multi-Factor Authentication, our initial accounts show "Multi-Factor Auth Status" as "Disabled", but we are seeing MFA prompts. I find it confusing that something shows "disabled" that is really turned on somehow??? Is there more than one type of MFA? We just received a trial for G1 as part of building a use case for moving to Office 365. I setup the tenant space by confirming our identity and I am a Global Administrator. I was prompted to setup MFA on my second logon, but I don't recall being offered any option other than text message. My understanding is that I had to turn on MFA for our accounts so I just setup SMS to get logged on the second time.
Eddie78723
Copper Contributor
Apr 17, 2020
Authentication
239KViews
0likes
24Comments
Office 365 MFA Enabled Users and the Apple Mail app for iOS Concern
Office 365 MFA and the Apple Mail app for iOS concern? We ourselves and several customers using Office 365 have noticed a recent issue with the Apple Mail app for iOS when Office 365 MFA is enabled. When users are out of a known or trusted location and required to MFA to sign in or access Office 365 resources the Apple Mail app for iOS is asking for the user's password. This should NOT happen if MFA is enabled and an App Password has been created to be used for the Mail app. The Mail app then prompts the user to enter their Office 365 password which confuses the end user because they try to re-enter the generated App Password which it then fails to sign in because it actual requires the user's standard password. Has there been recent changes to that platform and the Apple Mail app for iOS? I'm thinking that Apple finally updated the Mail app to support modern authentication, if so why hasn't documentation for it been updated? I can see that Apple introduced the capability in 11.0 but we could not get it to work out of the gate and found it to be NOT 100% reliable. So if they finally got this to work in the latest release of iOS what is the recommendation? Have all the current users update their passwords in the app from the App Password to their standard password or can we continue to use the App Password? We have noticed the increase in support requests from customers about this issue in the past 2 weeks or less.
Alex Melching
Iron Contributor
Aug 02, 2018
Authentication
office 365
229KViews
0likes
34Comments
Send Mail (SMTP) through Office 365 with MFA
We have a web server that needs to be able to send emails as users (FROM field); however, we have noticed that if the user account is protected with MFA, the message is rejected. Has anyone been able to get this working? I found a work around by using an account that does not have MFA then adding that account as a delegate of the sending user, but that seems a bit extensive. In our scenario, web server sends a message showing it comes from a sales rep, that is populated dynamically on the web server. It uses CFMAIL (same rules as say PHPMailer) and uses the FROM field as the sales rep. That is handled off in this case to Office365 to send emails. Actual Error: Diagnostic-Code: smtp;550 5.7.60 SMTP; Client does not have permissions to send as this sender
Jeff Harlow
Iron Contributor
Feb 23, 2018
Authentication
exchange
office 365
security
228KViews
1like
16Comments
Azure MFA "Activation Failed" error with Microsoft Authenticator App
We've opened a premier ticket, but has anyone in the community seen this error before? We've got a few users that can't set up the Microsoft Authenticator app, and nothing we do is working. This is rolling out to all of our users overnight tonight, and none of our global testing has run into anything like this.
Brent Ellis
Silver Contributor
Mar 30, 2018
Authentication
security
132KViews
0likes
17Comments
Office 365 Admin Role Needed for MFA
I would like to assign members of the help desk access to manage MFA for non-admin users. I already assigned the Authentication admin role and this partially works. Right now the help desk can go into AAD, switch to Authentication methods and do everything that is needed there. However, as a Global Admin from the Microsoft 365 admin center I can see Users > Active Users > Multi-Factor Authentication and I can manage Manage multifactor authentication from the User itself. These options are not available for the help desk. Is there another role that I can use to grant access to the legacy MFA management portal?
Solved
ChrisP1975
Brass Contributor
Feb 24, 2021
admin
security
103KViews
4likes
22Comments
MFA for one email account with several users
Client runs four shifts with support staff who work from home. Each group of four team members has a single 365 mailbox, and usage passes from one team member to another as the shifts change. For each group, client wants to implement 2FA with Authenticator on the phones of each team member, i.e. four phones authenticating one email account. But this used to be barred for business (‘work and school’) accounts. DAK what is the current position (and is this documented anywhere?), and if it is still barred what is the best way forward?
Solved
Decomplexity
Brass Contributor
Feb 17, 2021
Authentication
office 365
security
99KViews
0likes
4Comments
Authenticating to O365 using Powershell and MFA
I am running into issues with autheticating to O365 on Powershell and in this case my account has been enabled with MFA. I already installed the preview from https://blogs.technet.microsoft.com/enterprisemobility/2015/10/20/azure-ad-powershell-public-preview-of-support-for-azure-mfa-new-device-management-commands/ and the authentication basically works but then comes in the question on how to authenticate with Exchange Online? I found a post already where a MSFT engineer states that the only way here would be to create a dedicated admin account without MFA enabled but we strictly enabled MFA on admin accounts for security reasons. I noticed that there are no plans on uservoice (but some suggestions) to enable this. Has anyone already found another solution (except for creating another account without MFA)?
Solved
Mike Platvoet
Iron Contributor
Aug 01, 2016
Authentication
office 365
95KViews
4likes
25Comments
Is MFA included in Office 365 Exchange Online Plan 1?
I'm having a hard time finding out whether or not MFA functionality is included in O365 Exchange Online P1 for users logging in to the e-mail environment. If anybody knows, I'd also like to know where it's mentioned in official Microsoft Office 365 documentation.
Solved
Deleted
Mar 14, 2019
Authentication
exchange
office 365
security
88KViews
0likes
17Comments
Azure AD Connect Admin Audit log
Hi, Does anyone know if there is an Admin audit log for AADConnect? i'm looking for something that logs when an admin has, for example, made a change to the sync, such as adding or removing an OU from the sync scope, manually triggering an initial or delta sync, opening the admin tools or opening the connectors in edit mode? i am seeing a lot of clients systems whereby AAD Connect spends a lot of its time complaining about the need for an initial sync, I suspect a lot of these cases are where an admin has opened the sync and OK'd, or even cancelled out, but it seems to have marked the connector as changed. it seems odd that there is no evident admin audit log for something as critical, and security sensitive, as AAD Connect, if there isnt. if it relies on logging to event viewer only, then is there any guidance or documentation (i haven't managed to find any) to identify which event IDs would correlate to the above activities, trawling the logs so far i havent found anything identifying when a connector has been changed or, frankly, when an admin has opened or used the tools (MIISClient or Azure AD Connect app/tool) Thanks in advance for your input. Pete
Peter Holland
Iron Contributor
Jan 25, 2017
admin
88KViews
1like
22Comments

Resources

Tags

Authentication335 Topics
office 365216 Topics
security159 Topics
Identity64 Topics
admin63 Topics
multi-factor authentication54 Topics
Azure AD46 Topics
exchange42 Topics
microsoft 365 apps38 Topics
Authenticator app38 Topics