Forum Widgets
Latest Discussions
MFA Enabled> conditional MFA policy setup > not prompting users to authenticate
I pulled a report in Entra that shows users with no MFA authentication methods setup, but we have a conditional mfa policy setup that should enforce MFA. I have worked with a user showing on the report. Their PC is joined in entra and managed Intune. I have revoked the user session reset his MFA still the user is able to sign in to his pc with his windows hello pin or his 0365 credentials without being prompted for MFA registration authentication setup...any help
Microsoft Feedback Portal account is not working
I changed my Microsoft password a year ago, and it updated everywhere other than the Feedback Portal. As a result, I get an error when I try to login, or do anything on the page. Microsoft account support's suggestion was to login to the Feedback Portal which is insane given I'm having issues accessing it. How can I get this issue resolved? I've got three separate support tickets now and they keep asking me to wait 24 hours to get the issue resolved. Can someone from the Feedback Portal team please contact me to resolve this?" This is what Microsoft Support have said: "understand your frustration, and yes—this is an account‑related issue because the Feedback Portal is still tied to your old alias, which causes login conflicts and forces you out. Your Microsoft account itself signs in correctly, but the Feedback Portal is pulling outdated identity data that you cannot update on your own. Since you cannot access the Portal to submit feedback, directing you back there is not a workable solution. What you need is for Support to escalate this to the internal Identity/Feedback Platform engineering team so they can manually correct the outdated alias mapping on the backend. In this situation, the Feedback Portal and Tech Community teams are the ones who manage and maintain that specific platform. Because the issue appears on the Feedback Portal side—even though your Microsoft account is working normally—only their dedicated team can make the necessary corrections on their end. That’s why we are guiding you to connect with them through the links provided: https://techcommunity.microsoft.com/ or https://feedbackportal.microsoft.com/feedback. They will be able to review the portal‑specific account data and assist you further. I understand why this is frustrating. Since you’re unable to stay signed in to the Feedback Portal, I completely see why posting there isn’t possible for you. However, I do need to be transparent: I’m not able to escalate this issue directly to the Feedback Portal team, as they don’t provide internal escalation channels for us and only accept requests through their own platform. "
My Azure login is stuck at MFA and cannot proceed
In August, I was still able to log in to Azure, and by logging in through GitHub I could bypass 2FA. But now, no matter how I try, logging in via GitHub always requires 2FA. I can’t access my Azure account anymore—nothing works. The system prompts me to use Microsoft Authenticator to confirm a two-digit code in real time. My Microsoft Authenticator on my iPhone is logged into the same Microsoft account, but I’m not receiving any verification requests for Azure login. No matter how much I refresh, nothing shows up. I’ve already updated the Microsoft Authenticator app to the latest version from the App Store. However, my personal Microsoft account works fine and can log in without any issues.How Do I Target the Azure VPN Client in a Conditional Access Policy?
I am using the Azure VPN Client to connect users to an Azure VPN Gateway using their Entra ID credentials to authenticate. I want to target this application with a CA policy that requires MFA every time it connects. The problem is that I don't see the applications in my Enterprise Apps and all of my searching says that it won't appear because it was "pre-certified" by Microsoft. In the Gateway setup I used the Audience GUID of c632b3df-fb67-4d84-bdcf-b95ad541b5c8. And this is working as expected. The only solution that I have found for targeting the Azure VPN Client app is to create a Service Principal using that Audience GUID. This seems like a bit of a hack, so I am posting here to see if there are any other methods that I am missing to target this app when it doesn't appear in my Enterprise Apps list.
Hacked Live account
Hello, On of our customers accounts was hacked. This is a Live account linked to his own emailadres (not hotmail) from his Internet Provider. A few weeks ago someone gained access to this account. They changed the recovery email address and the phone number. The customer has a paid Office 36 family account, which is paid for with his MasterCard and he can provide the invoice from the last years.. We tried the account recovery Form multiple times, opened a case with CDOC Case Management. We simply got the reply that they could not do anything but to suspend the account. I Think this is crazy, is there no solution to this ? Thanks,Conditional Access - Policy AND'ing - Registering Security Info
Hi All, I've been working away trying to solve an issue but haven't found a way around it just yet. The aim is to let an users on BYOD use TAP on a non-compliant device to setup their security info, but then for all other actions to have MFA+Compliance enforced from desktops. Three CA Policies from the templates articles with a tweak for passwordless: - Secure Registration Policy (MFA+TAP Auth Strength) - Device Compliance (MFA+TAP Auth Strength + Compliance) - Intune Enrollment (MFA+TAP Auth Strength) I'm noting a few outcomes here: Device Compliance (AND grant control) - User with a BYOD Device and TAP, can't enroll in MFA as the device isn't compliant, they cant workplace join the device either - User on an enrolled device, can use TAP to reset/create their MFA control Device Compliance (OR grant control) - User with a BYOD Device and TAP, can workplace join and register their security info without issues - User with an enrolled device has no issues using TAP to reset/create their MFA control. This makes sense with the AND'ing of policies, however for the registration method i'm wanting to let the user in on their BYOD device to register their security control, once done they can workplace join with no issues to access resources. The sign-in logs, always show the device compliance policy as hit, this is expected, the login shows a success for passwordless + tap but fails the compliance strength as expected. It doesn't look like its the device enrolment side of things, purely the registration portal getting in the way wanting the compliant device. Does anyone else have similar requirements and have a way to do this without a manual exclusion group? Thanks!
Case 2512040040001886 - Cannot Access Account
Since the 4th of December we have been patiently waiting on MS Tech support to assist on resolving our Case with no success endless calls and endless promises with no luck. How do you proceed in using Microsoft for a Business if they don't deliver on the support. My business is taking the brunt of it. I suppose another call holding for hours and another Support person promise a solution. No other methods to log complaints as you cannot log into your Account Portal.
