Latest Discussions
Federation Issues - No protocol handlers?
Hi All,

It's been a number of years since I've federated a domain with Entra; I'm flipping this back in a home environment to complete some testing. Would appreciate some troubleshooting thoughts. What from memory was a quick task, I've spent waaaaay too long on this today. I've rebuilt the environment a number of times with the same outcome.

Install ADFS (Enabled the sign-in page).
Install WAP.
Generate Let's Encrypt certificate and provide to the servers.
Port Forward 443 to the WAP server.
Use Entra Connect to Federate the domain (AD FS Config looks good and generated as Microsoft Office 365 Identity Platform)
WAP is configured via AAD Connect (Blank but seems alright talking back to ADFS)

I can hit https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx and authenticate with UPN internally/externally.
I can hit https://adfs.domain.com/FederationMetadata/2007-06/FederationMetadata.xml internally/externally.
I also set up IAMShowcase to test (SAML 2.0 Test Service Provider) and published the app via the WAP, worked fine for SP and IDP initiated flows.

Interestingly enough, I am chucked the following error from the ADFS redirection with M365 authentication:

Error details: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.

This raises an error on the ADFS server ID#364, I've rebuilt a few times and haven't been able to find much in troubleshooting. Would love to hear if someone else has seen something similar, I'm at a bit of a loss here.

Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details:
Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
   at Microsoft.IdentityServer.Web.Protocols.Saml.IdpInitiatedSignOnRequestSerializer.ReadMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Get-MgFederatedDomainFederationConfiguration -IdentityDomain.com
ActiveSignInUri : https://adfs.domain/adfs/services/trust/2005/usernamemixed
IssuerUri : http://domain/adfs/services/trust/
MetadataExchangeUri : https://adfs.domain/adfs/services/trust/mex
PassiveSignInUri : https://adfs.domain/adfs/ls/
PreferredAuthenticationProtocol : wsFed
SignOutUri : https://adfs.domain/adfs/ls/

Solved | Miike | Nov 28, 2024 | Brass Contributor | 124 Views | 0 likes | 9 Comments

Website Rendering Issue on Microsoft Edge - Seeking Assistance
Hello everyone,

I've been encountering an unexpected problem with my website's rendering specifically on Microsoft Edge browser. The website displays perfectly fine on other browsers like Chrome, Firefox, and Safari, but when viewed on Microsoft Edge, certain elements seem to be misaligned or appear distorted. I've ensured that the website's code is compliant with web standards and has been validated. Despite this, the issue persists exclusively on Edge. I've also tested it across multiple devices running different versions of Edge, and the problem seems consistent.

The website is built using HTML5, CSS3, and JavaScript/jQuery for interactivity. I've used responsive design practices to ensure compatibility across various screen sizes.

Has anyone encountered a similar problem before or have suggestions on how to address this issue specific to Microsoft Edge? Any insights, advice, or potential solutions would be greatly appreciated. Please tell me how to fix as I am not a technical person. Thank you in advance for your help!

Solved | mitchellsamu3 | Oct 27, 2024 | Copper Contributor | 1.8K Views | 0 likes | 4 Comments

Feature request - note field for AAGUID
Dear Microsoft Team,

I am writing to request a feature enhancement for MS Entra. Specifically, it would be highly beneficial to have a note field associated with each enabled AAGUID. Currently, it is challenging to identify the device corresponding to each AAGUID. Adding this feature would greatly improve the usability and management of devices within MS Entra.

Thank you for considering this request. I look forward to your response.

Best regards,
Martin

Solved | Martin_Koe | Oct 22, 2024 | Copper Contributor | 184 Views | 0 likes | 2 Comments

User getting refresh token expired due to inactivity in Outlook desktop AADSTS70008
I have a user who continues to receive this AADSTS70008 error in Outlook Desktop. This computer has been in service for several years and Outlook desktop has been running fine. User can successfully authenticate in MS Teams and Outlook on the Web. MFA is enabled. I have attempted a restart but Outlook produces the same error. I have seen older posts suggesting that the registry key for the office activation be removed to fix this issue. Any thoughts on a more straightforward fix than registry hacks? DSTS70008

Solved | 1.5K Views | 0 likes | 2 Comments

Identify users not using MFA
Hi Microsoft Community,

I'd like to identify users who are authenticating to our M365 tenant without MFA. Currently we have MFA enforced by way of Conditional Access policy applying to a group. However, I'd like to verify that all users in the tenant are authenticating with MFA as I suspect there are some users, such as 'service accounts', that do not. If I go to Sign In Logs I can see some instances of 'Single Factor Authentication' but for accounts I know and can verify are using MFA by way of our Conditional Access policy. So it would seem like I'm overlooking something, or looking in the wrong place.

TIA

Solved | 509 Views | 0 likes | 3 Comments

Managing Multiple M365 Administrator Accounts with Microsoft Authenticator Backup
Hello Tech Community,

I am looking for some advice on how to efficiently manage and back up multiple M365 Administrator accounts using the Microsoft Authenticator app. As an IT Support professional working with multiple clients, I have a dedicated Global Administrator account for each client, and all accounts are secured with Multi-Factor Authentication (MFA) using Microsoft Authenticator.

Setting up each Global Admin account with the Authenticator app is fairly straightforward, but I’ve run into an issue when trying to transfer these accounts to a new smartphone. While the Microsoft Authenticator app does transfer accounts to the new device, it seems that MFA will no longer work unless you scan a new QR code for each account. However, logging into these Global Admin accounts to obtain the new QR code is not feasible since MFA is required, creating a bit of a catch-22.

I’d prefer not to resort to other authentication methods (SMS, email, etc.) for these Global Admin accounts, as it adds unnecessary complexity and potential vulnerabilities. Has anyone found a reliable solution for seamlessly backing up and transferring these MFA-enabled Global Admin accounts to a new phone without needing to re-authenticate via QR code? Any insights or best practices would be greatly appreciated!

Solved | 507 Views | 0 likes | 5 Comments

Merge user account on-prem and 365 account using Powershell
Hello,

We have a user called Dan Clayton who has an on-prem AD username of Dclayton and was not in the sync OU. A technician then created an O365 account for a mailbox dan.clayton@ and this has now been used for over two years. Can we merge these entries so the user signs in with the on-prem details but still uses the O365 licence and mailbox?

Solved | tomwrigglesworth | Aug 05, 2024 | Copper Contributor | 506 Views | 0 likes | 4 Comments

Account Hacked
Hello Community,

My account has been hacked, copied and/or duplicated with some other account as I was originally Sids1 with this email for more than 6 months now and this has changed somehow. It's very concerning to me since I also found some other person named Siddhartha when I was logging into my account. I reported that to the Microsoft Account Team but have not received any replies yet. Please suggest anything that can be done to catch this hacker who is stealing my identity to and fro.

Best Regards
Siddhartha Sharma

Solved | Sids11 | Jun 01, 2024 | Copper Contributor | 639 Views | 1 like | 3 Comments

Enterprise application app secret key need to update for SharePoint Online access.
Hi,

I need to update the app secret key which is already expired so that client can access SharePoint online site with app id and key. Problem is that this app I can only see under "Enterprise application" in "Azure AD" as "Service Principal" where I am not getting any option to update the secret key. And this app is not showing under "App Registration" in "Azure AD". How to update the secret key via GUI or PowerShell command? Need help.

Solved | Prakash_Singh | Apr 25, 2024 | Brass Contributor | 2.2K Views | 0 likes | 3 Comments

Authentication Methods - FIDO2 & Authenticator Not Working Together
The issue is that my users are having trouble using the Microsoft Authenticator for authentication specifically after they are being added to the FIDO2 authentication method. Before that, Authenticator works fine. But after being added to FIDO2, when they try to sign in, the "Authenticator" option is no longer visible. The only option is with the security key (and passkey). {And when I remove a user from FIDO2, the Authenticator option comes back.} Is there a way during sign in to offer both options to users?

Solved | Mario_Morel | Jan 29, 2024 | Copper Contributor | 1.9K Views | 0 likes | 8 Comments