Latest Discussions
Federation Issues - No protocol handlers?
Hi All, It's been a number of years since I've federated a domain with Entra, I'm flipping this back in a home environment to complete some testing. Would appreciate some troubleshooting thoughts. What from memory was a quick task, I've spent waaaaay too long on this today. I've rebuilt the environment a number of times with the same outcome.
- Install ADFS (Enabled the sign-in page).
- Install WAP.
- Generate Let's Encrypt certificate and provide to the servers.
- Port Forward 443 to the WAP server.
- Use Entra Connect to Federate the domain (AD FS Config looks good and generated as Microsoft Office 365 Identity Platform)
- WAP is configured via AAD Connect (Blank but seems alright talking back to ADFS)
I can hit https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx and authenticate with UPN internally/externally. I can hit https://adfs.domain.com/FederationMetadata/2007-06/FederationMetadata.xml internally/externally. I also set up IAMShowcase to test (SAML 2.0 Test Service Provider) and published the app via the WAP, worked fine for SP and IDP initiated flows. Interestingly enough, I am chucked the following error from the ADFS redirection with M365 authentication:
Error details: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.
This raises an error on the ADFS server ID#364, I've rebuilt a few times and haven't been able to find much in troubleshooting. Would love to hear if someone else has seen something similar, I'm at a bit of a loss here.
Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details:
Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
   at Microsoft.IdentityServer.Web.Protocols.Saml.IdpInitiatedSignOnRequestSerializer.ReadMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Get-MgFederatedDomainFederationConfiguration -IdentityDomain.com
ActiveSignInUri : https://adfs.domain/adfs/services/trust/2005/usernamemixed
IssuerUri : http://domain/adfs/services/trust/
MetadataExchangeUri : https://adfs.domain/adfs/services/trust/mex
PassiveSignInUri : https://adfs.domain/adfs/ls/
PreferredAuthenticationProtocol : wsFed
SignOutUri : https://adfs.domain/adfs/ls/
Miike | Nov 28, 2024 | Brass Contributor | 67 Views | 0 likes | 6 Comments

Support tickets unresolved after 11 months; escalation requests ignored; stuck in a feedback loop
Hello, We have been unable to update O365 applications for close to a year now. When we update the applications, our end-users are unable to authenticate and receive 1001 errors. We have had a support ticket open now for 11 months. We are stuck in a loop where support asks us to demonstrate the issue. I can consistently reproduce this issue. This is a cry for help. Thanks to anyone who has any suggestions.
dank133 | Nov 26, 2024 | Copper Contributor | 10 Views | 0 likes | 0 Comments

User with hundreds of Interactive Sign-In log entries that are "Interrupted"
I have one user in our organization that has hundreds of Interactive Sign-in logs in EntraID that are marked as "Interrupted". I don't even know where to start with the user. Does anyone have a recommendation for isolating the cause of these logs? Recent entries are 95% related to Office Online Core SSO application.
cmiarshvac | Nov 14, 2024 | Brass Contributor | 51 Views | 0 likes | 2 Comments

Authenticator Reset
I cannot log into my Office365 account. I'm not even sure what I have, it's been so long. I run a small business and set up the account myself. I did not have the authenticator backed up so when I lost my phone, I lost all of the authenticator accounts. Now I cannot log in due to not having the authenticator. I've been hung up on 3 times by Microsoft support. How can I get the authenticator reset? I need to install the apps on a new machine. I can't even cancel the account because in order to do anything you have to log in.....which I can't do.
bullzeyebrown77 | Nov 12, 2024 | Copper Contributor | 15 Views | 0 likes | 0 Comments

How to add Passkey for Entra ID / M365 Identity to Windows Hello or third-party password manager?
I manage many M365 tenants and can't add all of them to Windows as an account. Because of this I would like to add passkeys for those accounts to either a third-party password manager or (preferred) Windows Hello. So far I haven't found a way to do this. The passkey dialog at https://mysignins.microsoft.com/security-info only allows me to add a passkey to a physical key. So: So how can I add M365 passkeys to Windows Hello?
PhilippeS | Nov 07, 2024 | Copper Contributor | 33 Views | 0 likes | 2 Comments

SCIM - Provision null values
Hoping to get some more official feedback regarding Entra's inability to provision null values, mainly outbound provisioning. The SCIM standard caters for this use case, so what is Microsoft's reluctance on this functionality? If it's the concern of breaking functionality, surely it can be an 'opt-in' setting like the bulk delete setting? I know some good conversation has taken place here: https://learn.microsoft.com/en-us/answers/questions/223936/sending-an-empty-value-with-user-provisioning-(sci
Christoph Berthoud | Nov 07, 2024 | Copper Contributor | 9 Views | 0 likes | 0 Comments

Feature request - note field for AAGUID
Dear Microsoft Team, I am writing to request a feature enhancement for MS Entra. Specifically, it would be highly beneficial to have a note field associated with each enabled AAGUID. Currently, it is challenging to identify the device corresponding to each AAGUID. Adding this feature would greatly improve the usability and management of devices within MS Entra. Thank you for considering this request. I look forward to your response. Best regards, Martin
Solved | Martin_Koe | Oct 22, 2024 | Copper Contributor | 181 Views | 0 likes | 2 Comments

AUTHENTICATOR failures
I have a huge problem: I can't sign in to my Outlook account, which I have linked to Authenticator. It tells me that a code will arrive and it never does; I choose to enter the code manually, and when I enter the one the app gives me, it tells me the code is wrong. I can't open a ticket because I would need to sign in to the account to do that, and the chat support agents don't give me a solution. I'm from Colombia, can anyone help me?
ingenierosrenteria | Oct 17, 2024 | Copper Contributor | 171 Views | 0 likes | 0 Comments

Challenges with New MFA and SSPR Policies: Need Guidance
I am currently transitioning our Self-Service Password Reset (SSPR) and Multi-Factor Authentication (MFA) to the new Authentication Methods policy, moving away from legacy policies. However, the lack of clarity on which methods are compatible with both scenarios is quite frustrating, and I wonder if I might be missing something. Our goal is to exclusively use the Authenticator app and security keys for both MFA and SSPR, eliminating all other methods. Additionally, we want to maintain the requirement of two methods (Authenticator app and security key) for password changes. We are in the process of distributing security keys to all staff. The issue I’m encountering is that while Microsoft promotes this new portal as a unified solution for both MFA and SSPR, not all methods are supported across both. Specifically, the security key does not currently work for SSPR. If I am unable to use the security key for SSPR and must resort to a less secure second method, I would at least like to disable that less secure method for MFA. However, it seems there is no way to configure this in the policy. Am I on the right track here? I am aware that Authentication Strengths can be configured—perhaps this is where I should focus? Any advice or discussion would be greatly appreciated.
brentmattson | Oct 17, 2024 | Brass Contributor | 194 Views | 0 likes | 2 Comments

Unable to Access Old Microsoft 365 Account – How Can I Delete It Without Authenticator App?
Hello, I’m having an issue with my old Microsoft 365 account. Unfortunately, my Authenticator app no longer works, so I can’t log into that old account. Despite multiple attempts, the support hotline and email inquiries have gone unanswered. As a result, I’ve created a new Microsoft account for my company with a new domain name. However, I’m now paying for the Business Standard plan twice—once for the old account and once for the new one. Additionally, since I can’t access my old account anymore, I’m having trouble using my laptop properly. The icons no longer appear in their original shape and color—all of them have the same form and color now, which is making it difficult to work efficiently. I’d like to know how I can delete my old account and resolve this issue, since I no longer have access to the Authenticator app. Has anyone else experienced this issue? How can I solve it?? Many thanks in advance. Best regards from Germany, Lukas
LukasJaeger | Oct 07, 2024 | Copper Contributor | 232 Views | 0 likes | 2 Comments