Latest Discussions
Risks when enabling ADAL for Exchange Online and Skype
I'm considering enabling ADAL/OAuth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki: https://social.technet.microsoft.com/wiki/contents/articles/36101.office-365-enable-modern-authentication.aspx It seems relatively trivial to enable this, but I have some reservations about making the change. Does anyone know of risks involved, or any differences that users who don't have MFA enabled might see? Will the current sign in workflow still look the same for everyone? We use the web applications, Office 2016, and iOS and Android applications for access. Thanks!
Solved | Matt McNabb | Apr 07, 2017 | Iron Contributor | 48K Views | 1 like | 53 Comments

Microsoft Authenticator on Apple Watch
According to this article: https://support.microsoft.com/en-us/account-billing/common-questions-about-the-microsoft-authenticator-app-12d283d1-bcef-4875-9ae5-ac360e2945dd The Microsoft Authenticator app is being discontinued on Apple Watch. I find this very disappointing. I used it many times per day. Yes, it was a bit buggy and unreliable, but it sure was better than picking up my phone every time! Please keep supporting the Watch app!
DJTentman84 | Dec 15, 2022 | Brass Contributor | 79K Views | 26 likes | 41 Comments

Office 365 MFA Enabled Users and the Apple Mail app for iOS Concern
Office 365 MFA and the Apple Mail app for iOS concern? We ourselves and several customers using Office 365 have noticed a recent issue with the Apple Mail app for iOS when Office 365 MFA is enabled. When users are out of a known or trusted location and required to MFA to sign in or access Office 365 resources, the Apple Mail app for iOS is asking for the user's password. This should NOT happen if MFA is enabled and an App Password has been created to be used for the Mail app. The Mail app then prompts the user to enter their Office 365 password, which confuses the end user because they try to re-enter the generated App Password, which then fails to sign in because it actually requires the user's standard password. Have there been recent changes to that platform and the Apple Mail app for iOS? I'm thinking that Apple finally updated the Mail app to support modern authentication; if so, why hasn't documentation for it been updated? I can see that Apple introduced the capability in 11.0 but we could not get it to work out of the gate and found it to be NOT 100% reliable. So if they finally got this to work in the latest release of iOS, what is the recommendation? Have all the current users update their passwords in the app from the App Password to their standard password, or can we continue to use the App Password? We have noticed the increase in support requests from customers about this issue in the past 2 weeks or less.
Alex Melching | Aug 02, 2018 | Iron Contributor | 229K Views | 0 likes | 34 Comments

Why are Microsoft Data Centres logging in to my Office 365 accounts? Activity Alerts - BAV2ROPC
Hello, I have an activity alert set up to email me whenever a log in is detected from one of my 12 office 365 email users. These emails contain the username logging in and the IP address the log in originated from. Until the end of 2019, all IP addresses were expected, either being that of the office, the Vodafone mobile network or the home addresses of the sales guys. In 2020, I have started getting log in alerts, which according to https://whatismyipaddress.com/ are from Microsoft Datacentres in Ireland, Holland and Austria, all with "Microsoft Corporation" as the ISP and sometimes with the same for the Organisation and sometimes with "Microsoft Azure", e.g. 40.101.88.221 (Amsterdam), 40.101.102.149 (Dublin). Worried about potential breaches, I contacted Microsoft Support (who by the way are always ON IT, thank you) who helped me find info in the audit log to say the User Agent is BAV2ROPC, which led me to this page https://www.reddit.com/r/Office365/comments/bl90gw/bav2ropc_user_agent_in_logs/ where someone's found it means "Business Apps v2 Resource Owner Password Credential", which is apparently the User Agent for an updated version of Outlook Mobile. I have a couple of questions / observations and wondered if anyone could shed any light on this.
1) My users don't know their passwords so it's highly unlikely they've been phished, so I don't think these are breaches.
2) My email account has triggered log ins from Microsoft IP addresses, and I have 2 factor authentication turned on where I received a text message code to my mobile. I have not received texts in relation to these logins, so again I don't think it's a breach.
3) I don't use Microsoft Outlook on my mobile, so don't think I'd be generating this BAV2ROPC user agent (but I am on the Activity Alerts).
4) If it was a device I was using causing this user agent, why aren't the Activity Alerts logging my IP address from my device's location?
5) My account is used to sign in programmatically in a piece of software I wrote, so that could explain it for my account, but I'm also getting alerts for users who only access their email on their android phone on the built in email app.
6) The frequency I'm receiving Activity Alerts from Microsoft IP addresses is increasing. I get a few a day now.
In summary, I don't think there's anything untoward going on, but as a responsible admin, I'd like to understand exactly what's occurring. Many thanks, Dave
casualbob | Jan 30, 2020 | Copper Contributor | 83K Views | 4 likes | 28 Comments

Microsoft Entra ID (Azure AD) support for Passkeys
Hi, Has anyone seen any reference or blog as to when Microsoft Entra ID (Azure AD) will support Passkeys on iOS or Android devices, and will this be classified as Phishing-Resistant MFA under Conditional Access Sign In policies? When you navigate to aka.ms/mysecurityinfo and attempt to enroll a new Security Key it now defaults to a QR Code to set up a Passkey and lets you go through the enrollment process; however, once you reach the final stage to give the Passkey a logical name under your account it prompts with an error message (see below). We have been using YubiKey as a FIDO2 Security Key for Phishing-Resistant MFA; however, as this is not supported for use with iOS and Android and has limited support for macOS, we are hoping that Passkeys will be able to fill this gap. We have also explored Azure CBA; however, we do not have an existing PKI infrastructure and managing the lifecycle of certificates is painful and expensive compared to the cost of using a FIDO2 Security Key or Passkey.
Solved | mcoombe | Jul 21, 2023 | Brass Contributor | 47K Views | 3 likes | 26 Comments

Authenticating to O365 using Powershell and MFA
I am running into issues with authenticating to O365 on Powershell and in this case my account has been enabled with MFA. I already installed the preview from https://blogs.technet.microsoft.com/enterprisemobility/2015/10/20/azure-ad-powershell-public-preview-of-support-for-azure-mfa-new-device-management-commands/ and the authentication basically works, but then comes the question of how to authenticate with Exchange Online. I found a post already where an MSFT engineer states that the only way here would be to create a dedicated admin account without MFA enabled, but we strictly enabled MFA on admin accounts for security reasons. I noticed that there are no plans on uservoice (but some suggestions) to enable this. Has anyone already found another solution (except for creating another account without MFA)?
Solved | Mike Platvoet | Aug 01, 2016 | Iron Contributor | 95K Views | 4 likes | 25 Comments

MFA Shows Disabled, But Being Used
When I visit Azure Active Directory -> Users -> Multi-Factor Authentication, our initial accounts show "Multi-Factor Auth Status" as "Disabled", but we are seeing MFA prompts. I find it confusing that something shows "disabled" that is really turned on somehow??? Is there more than one type of MFA? We just received a trial for G1 as part of building a use case for moving to Office 365. I set up the tenant space by confirming our identity and I am a Global Administrator. I was prompted to set up MFA on my second logon, but I don't recall being offered any option other than text message. My understanding is that I had to turn on MFA for our accounts so I just set up SMS to get logged on the second time.
Eddie78723 | Apr 17, 2020 | Copper Contributor | 240K Views | 0 likes | 24 Comments

Azure AD Connect Admin Audit log
Hi, Does anyone know if there is an Admin audit log for AADConnect? I'm looking for something that logs when an admin has, for example, made a change to the sync, such as adding or removing an OU from the sync scope, manually triggering an initial or delta sync, opening the admin tools or opening the connectors in edit mode. I am seeing a lot of clients' systems whereby AAD Connect spends a lot of its time complaining about the need for an initial sync. I suspect a lot of these cases are where an admin has opened the sync and OK'd, or even cancelled out, but it seems to have marked the connector as changed. It seems odd that there is no evident admin audit log for something as critical, and security sensitive, as AAD Connect, if there isn't. If it relies on logging to event viewer only, then is there any guidance or documentation (I haven't managed to find any) to identify which event IDs would correlate to the above activities? Trawling the logs so far I haven't found anything identifying when a connector has been changed or, frankly, when an admin has opened or used the tools (MIISClient or Azure AD Connect app/tool). Thanks in advance for your input. Pete
Peter Holland | Jan 25, 2017 | Iron Contributor | 88K Views | 1 like | 22 Comments

Office 365 Admin Role Needed for MFA
I would like to assign members of the help desk access to manage MFA for non-admin users. I already assigned the Authentication admin role and this partially works. Right now the help desk can go into AAD, switch to Authentication methods and do everything that is needed there. However, as a Global Admin from the Microsoft 365 admin center I can see Users > Active Users > Multi-Factor Authentication and I can manage Manage multifactor authentication from the User itself. These options are not available for the help desk. Is there another role that I can use to grant access to the legacy MFA management portal?
Solved | ChrisP1975 | Feb 24, 2021 | Brass Contributor | 103K Views | 4 likes | 22 Comments

MFA and Powershell
Hi. I am testing MFA on some admin users. I have given the MFA admins an EMS license so whitelisting of IPs is supported. So I have whitelisted our office IP, and when my admin goes to https://outlook.office365.com, MFA is not active. Doing so outside the office will ask for an MFA code so I'm sure it works. But when the same admin starts an Azure PowerShell connection to https://outlook.office365.com/powershell-liveid/ it fails. When using an admin account without MFA it works fine.... I can't seem to find out what the difference is, can anyone tell me? My goal is to enable MFA for all global admins, but of course they will need to be able to connect to Office 365 via PowerShell....
Solved | Jesper Stein | Oct 20, 2016 | Brass Contributor | 42K Views | 5 likes | 21 Comments