Forum Widgets
Latest Discussions
Microsoft Authenticator führt Wiederherstellung nicht aus
Ich möchte die App auf meinem neuen Handy weiter nutzen und habe dafür auf dem alten Gerät eine Sicherung erstellt. Wenn ich nun die App auf dem neuen Handy einrichten möchte, bekomme ich eine Fehlermeldung, daß es angeblich keine Sicherung gibt. Ich benötige die App dringend für die MFA. Kann jemand helfen?How do I find the account linked to an Office Home & Student 2013 key?
Hello everyone, Microsoft's after-sales service redirected me here because they no longer provide updates for this type of product, nor even security support. I have two Microsoft accounts. However, when I try to reconnect my key to one of them, it tells me the key is already linked to another Microsoft account. But which one?! How can I find that account or regain ownership of my Office key ? Thanks for your help.
Web-signin 3rd party IDP not working
We have a working Entra ID SAML federation to a third-party IdP that uses FIDO2/WebAuthn (IdP as Relying Party) for browser sign-in, and we are trying to use the same federation through Windows Web sign-in on an Entra-joined Windows 11 device — but the IdP page loads blank in the WebView and Microsoft-Windows-WebAuthN/Operational records zero events, while the same security key works fine for FIDO2 sign-in with login.microsoft.com as RP on the same device. Questions: - Is WebAuthn brokering to third-party Relying Parties inside the Web sign-in WebView supported? - If not, is it on the roadmap? - What is the supported architectural path for delivering passwordless Windows sign-in using a federated IdP's own FIDO2/WebAuthn credentials, given Graph API passkey provisioning is Beta-only?
How to target Azure VPN (Microsoft-Registered) app with Conditional Access Policies?
I have an Azure Point-to-Site VPN Gateway configured using the Microsoft-registered Azure VPN Client App ID (Audience value: c632b3df-fb67-4d84-bdcf-b95ad541b5c8). Everything is working correctly for our users. The issue I am having is that anyone with an Entra account can connect to the VPN and I want to restrict this with a blocking Conditional access policy. I do not want to create a custom app registration, because then I will have to change the 'audience' value on the app gateway and all user's will need to modify their VPN clients. The problem is I need to target the Microsoft-registered Azure VPN app in a Conditional Access policy but it does not appear in my Enterprise Applications list or in the CA app picker when searching. My questions: Why does the Microsoft-registered app not automatically create a service principal in my tenant the way other Microsoft apps do? Is there a supported way to make it appear in the CA app picker without creating a custom app registration or changing the gateway Audience value? Has anyone successfully targeted c632b3df-fb67-4d84-bdcf-b95ad541b5c8 in a CA policy while keeping it as the gateway Audience value? Thanks for the assistance hereBroken Account Recovery (discontinued product)
Hello everyone, We have the MSFT Office Family plan which has the now discontinued custom domain support that used to be an option as a "Premium" feature. Back in August we upgraded the phone of one of the account members on the family plan and lost connection to their MS Office account with the only device that was accessing to the account (the phone with access was reset as part of the upgrade/trade in process). I have tried the account recovery form and it simply doesn't work. I have tried to explain to MSFT support that the tool is broken but can't get anywhere. For the account in question we have an Outlook email client (with non working password) that has a cache of all of the email until loss of access occurred. So when I do the account recovery form, I have name, DOB, region, past passwords and data for all fields including sent email Id's and send subjects, But every time the MSFT recovery mechanism says "Unfortunately, we have determined that the information provided was not sufficient...". WTF. Every time I contact MSFT support I get the same answer, an explanation of the point system used to reset the the account. Same steps to recover....based on this, the recovery should work...yet it doesn't. I have tried somewhere 50+ attempts now over the last 9 months. I even have a contact who is VP level at MSFT who sponsored a support ticket internally but that just ended up with the support person sending me a link to the account recovery form and closed the ticket without looking in the details of the ticket. I can't modify / add a new account as MSFT has as a discontinued product no longer allow members to add/change id's. So I'm locked at the current user set. I have created another email address by saving the cached data to OLM file and importing via the Outlook client but that doesn't restore use of the @mydomain.com for that person. I even retained a lawyer who send a demand to MSFT legal...but the email address didn't go anywhere so at the point of needing to do this on headed paper/send via snail mail. Does anyone have any idea how to get through to MSFT explain the recovery tool is broken? I assume there are so few accounts using custom domains pin family plans that they simply don't test this recovery path. At this point without some internal guidance is a) lawyer and force a demand for password reset b) give up, ditch all of the users using the custom domain, configure an alias for all of the accounts and then change my MX record to a company doing email forwarding and then forward to the new/old legacy accounts (i.e. the ones with the mailto:email address removed for privacy reasons).
Authenticator
I need your help. I broke my Iphone and after replacing it I cannot log into my Microsoft admin account since the authentication app is not working. I am the administrator of my own small business account. I have gone through all the account recovery help but neither the send text to my number or call my number works. All online support depends on having an the code from the Authenticator app I am completely lost here ☹ hope someone can help Dadi Johannesson
Config Question: Microsoft 365, Microsoft Authenticator, Mac Mail Users
Hello All, We are currently using Microsoft 365 which is "hosted" or "federated" through GoDaddy. I want to pilot Microsoft Authenticator, so that we can have either MFA, SSO, or a combo of both. I'm running into a possible issue when I enable MFA for myself, as an enduser. We run TEAMS, and I only get asked to re-login into Teams to authenticate, which does work. However, if Mac Mail running as a client on the endpoint machine, should I assume that MFA will not work, since it is always communicating to the "hosted/federated" backend? That it never disconnects the connection? If there is something I should do differently with the config, I'd appreciate the guidance here.SSO from PingOne to Entra app failing; Not matching on sub value and can't find by email
I am trying to implement SSO from PingOne to my Azure app I have registered in Entra External ID. When I don't have the PingOne account pre-provisioned, the sign-in flow provisions the account but with a bad value for the "Issuer" (the tenant id is incorrectly appended to the end of the issuer URL). This leads to a AADSTS500208 error. If I use Graph API to pre-provision the user with the proper "Issuer" URL, I get a message on the Entra prompt that says "Account Already Exists. Click next to sign in". Clicking Next gives the following error message: We couldn't find an account with this email addressLogin Catch-22: locked out of Work account due to MFA mismatch.
"I am the owner of the domain mydomain.be, registered at one.com. I have a Microsoft 365 Business Premium subscription. I am locked out of my work/school tenant admin account (mailto:email address removed for privacy reasons) due to an MFA issue — the Microsoft Authenticator is configured but not delivering push notifications, and the TOTP code length does not match what the login screen expects. I cannot access the admin center. I need to recover Global Admin access to my flavo.be tenant so I can manage users and licenses. I can prove domain ownership via DNS if required.
