Latest Discussions
Windows Hello for Business 0x80090010 NTE_PERM
Hi all, I'm encountering an issue with Windows Hello for Business on the latest version of Windows (July 2025 update). The setup process fails during initialisation, and no biometric or PIN options are being provisioned for the user.

Environment:
- Windows version: 11 24H2 Enterprise (latest update)
- Deployment mode: Hybrid Cloud Trust
- Hybrid joined devices

Symptoms:
- Users are prompted to set up WHfB but the process fails at the last step with error 0x80090010
- Users who already have WHfB authentication methods created can successfully log in
- Event ID 311 & 303 in the User Device Registration logs

Troubleshooting so far:
- Unjoined and rejoined to Entra ID
- Granted modify permissions on folder in which NGC container would be created
- Rolled back to June 2025 update (this worked)

So it seems like this is caused by or related to the latest Windows Update, which is rather unfortunate for us as we are just beginning to roll out WHfB for our organisation. I'm posting here to raise awareness of the issue; if there is a more appropriate place to post then please suggest.

Solved | Laurie_Aldam | Jul 21, 2025 | Brass Contributor | 12K Views | 6 likes | 17 Comments

Deactivating Option to change Profile Picture at myaccount.microsoft.com
As the title says. I would like to deactivate the option for users to change their profile picture at myaccount.microsoft.com. The profile picture at our company is synchronized to AD and via Entra Connect to Entra ID. Is there an option as an admin to deactivate that option without deactivating the entire portal?

Kind Regards
Christopher Siebertz

Solved | CSI | Feb 21, 2025 | Copper Contributor | 1.5K Views | 1 like | 4 Comments

Federation Issues - No protocol handlers?
Hi All, It's been a number of years since I've federated a domain with Entra, I'm flipping this back in a home environment to complete some testing. Would appreciate some troubleshooting thoughts. What from memory was a quick task, I've spent waaaaay too long on this today. I've rebuilt the environment a number of times with the same outcome.

- Install ADFS (Enabled the sign-in page).
- Install WAP.
- Generate Let's Encrypt certificate and provide to the servers.
- Port Forward 443 to the WAP server.
- Use Entra Connect to Federate the domain (AD FS Config looks good and generated as Microsoft Office 365 Identity Platform)
- WAP is configured via AAD Connect (Blank but seems alright talking back to ADFS)

I can hit https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx and authenticate with UPN internally/externally. I can hit https://adfs.domain.com/FederationMetadata/2007-06/FederationMetadata.xml internally/externally. I also set up IAMShowcase to test (https://sptest.iamshowcase.com/) and published the app via the WAP, worked fine for SP and IDP initiated flows.

Interestingly enough, I am chucked the following error from the ADFS redirection with M365 authentication:

Error details: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.

This raises an error on the ADFS server ID#364, I've rebuilt a few times and haven't been able to find much in troubleshooting. Would love to hear if someone else has seen something similar, I'm at a bit of a loss here.

Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details:
Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
   at Microsoft.IdentityServer.Web.Protocols.Saml.IdpInitiatedSignOnRequestSerializer.ReadMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Get-MgFederatedDomainFederationConfiguration -Identity http://domain.com/
ActiveSignInUri                 : https://adfs.domain/adfs/services/trust/2005/usernamemixed
IssuerUri                       : http://domain/adfs/services/trust/
MetadataExchangeUri             : https://adfs.domain/adfs/services/trust/mex
PassiveSignInUri                : https://adfs.domain/adfs/ls/
PreferredAuthenticationProtocol : wsFed
SignOutUri                      : https://adfs.domain/adfs/ls/

Solved | Miike | Nov 28, 2024 | Brass Contributor | 2.5K Views | 1 like | 15 Comments

Website Rendering Issue on Microsoft Edge - Seeking Assistance
Hello everyone, I've been encountering an unexpected problem with my website's rendering specifically on Microsoft Edge browser. The website displays perfectly fine on other browsers like Chrome, Firefox, and Safari, but when viewed on Microsoft Edge, certain elements seem to be misaligned or appear distorted. I've ensured that the website's code is compliant with web standards and has been validated. Despite this, the issue persists exclusively on Edge. I've also tested it across multiple devices running different versions of Edge, and the problem seems consistent.

The https://capprocutapk.com/ is built using HTML5, CSS3, and JavaScript/jQuery for interactivity. I've used responsive design practices to ensure compatibility across various screen sizes.

Has anyone encountered a similar problem before or have suggestions on how to address this issue specific to Microsoft Edge? Any insights, advice, or potential solutions would be greatly appreciated. Plz tell me how to fix as I am not a technical person. Thank you in advance for your help!

Solved | mitchellsamu3 | Oct 27, 2024 | Copper Contributor | 2.1K Views | 0 likes | 4 Comments

Feature request - note field for AAGUID
Dear Microsoft Team, I am writing to request a feature enhancement for MS Entra. Specifically, it would be highly beneficial to have a note field associated with each enabled AAGUID. Currently, it is challenging to identify the device corresponding to each AAGUID. Adding this feature would greatly improve the usability and management of devices within MS Entra. Thank you for considering this request. I look forward to your response.

Best regards,
Martin

Solved | Martin_Koe | Oct 22, 2024 | Copper Contributor | 241 Views | 0 likes | 2 Comments

User getting refresh token expired due to inactivity in Outlook desktop AADSTS70008
I have a user who continues to receive this AADSTS70008 error in Outlook Desktop. This computer has been in service for several years and Outlook desktop has been running fine. User can successfully authenticate in MS Teams and Outlook on the Web. MFA is enabled. I have attempted a restart but Outlook produces the same error. I have seen older posts suggesting that the registry key for the office activation be removed to fix this issue. Any thoughts on a more straightforward fix than registry hacks? DSTS70008

Solved | 2.6K Views | 0 likes | 2 Comments

Identify users not using MFA
Hi Microsoft Community, I'd like to identify users who are authenticating to our M365 tenant without MFA. Currently we have MFA enforced by way of Conditional Access policy applying to a group. However, I'd like to verify that all users in the tenant are authenticating with MFA as I suspect there are some users, such as 'service accounts', that do not. If I go to Sign In Logs I can see some instances of 'Single Factor Authentication' but for accounts I know and can verify are using MFA by way of our Conditional Access policy. So it would seem like I'm overlooking something, or looking in the wrong place. TIA

Solved | 2.5K Views | 0 likes | 3 Comments

Managing Multiple M365 Administrator Accounts with Microsoft Authenticator Backup
Hello Tech Community, I am looking for some advice on how to efficiently manage and back up multiple M365 Administrator accounts using the Microsoft Authenticator app. As an IT Support professional working with multiple clients, I have a dedicated Global Administrator account for each client, and all accounts are secured with Multi-Factor Authentication (MFA) using Microsoft Authenticator.

Setting up each Global Admin account with the Authenticator app is fairly straightforward, but I’ve run into an issue when trying to transfer these accounts to a new smartphone. While the Microsoft Authenticator app does transfer accounts to the new device, it seems that MFA will no longer work unless you scan a new QR code for each account. However, logging into these Global Admin accounts to obtain the new QR code is not feasible since MFA is required, creating a bit of a catch-22. I’d prefer not to resort to other authentication methods (SMS, email, etc.) for these Global Admin accounts, as it adds unnecessary complexity and potential vulnerabilities.

Has anyone found a reliable solution for seamlessly backing up and transferring these MFA-enabled Global Admin accounts to a new phone without needing to re-authenticate via QR code? Any insights or best practices would be greatly appreciated!

Solved | 841 Views | 0 likes | 5 Comments

Merge user account on-prem and 365 account using Powershell
Hello, We have a user called dan claton who has an on-prem AD username of Dclayton and was not in the sync OU. A technician then created an O365 account for a mailbox dan.clayton@ and this has now been used for over two years. Can we merge these entries so the user signs in with the on-prem details but still uses the O365 licence and mailbox?

Solved | tomwrigglesworth | Aug 05, 2024 | Copper Contributor | 711 Views | 0 likes | 4 Comments

Account Hacked
Hello Community, My account has been hacked, copied and/or duplicated with some other account as I was originally Sids1 with this email for more than 6 months now and this has changed somehow. It's very concerning to me since I also found some other person named Siddhartha when I was logging into my account. I reported that to the Microsoft Account Team but have not received any replies yet. Please suggest anything that can be done to catch this hacker who is stealing my identity to and fro.

Best Regards
Siddhartha Sharma

Solved | Sids11 | Jun 01, 2024 | Brass Contributor | 892 Views | 1 like | 3 Comments