Identity & Authentication

78 Conversations

I am running into issues with authenticating to O365 on Powershell and in this case my account has been enabled with MFA.
I already installed the preview from https://blogs.technet.microsoft.com/enterprisemobility/2015/10/20/azure-ad-powershell-public-preview-of-support-for-azure-mfa-new-device-management-commands/

...
6,018 Views
17 Replies

Anyone have a clue as to how to use MFA login in an unattended powershell script?

I have MFA working fine with powershell interactively - The login and MFA dialogs come u

...

Seems that Exchange Online is MFA enabled now.

Have a look at this article:

"Connect to Exchange Online PowerShell using multi-factor authentication"

https://technet.microsoft.com/en-us/library/mt775114(v=exchg.160).aspx


We've been able to get our Office 365 Admin accounts with MFA enabled working with Powershell for Exchange Online, Skype for Business etc.....with some caveats:

  • This requi
...

The PnP powershell cmdlets can be used with MFA to perform many actions in SPO, see https://github.com/OfficeDev/PnP-PowerShell and use the https://github.com/OfficeDev/PnP-PowerShell/blob/master/Documentation/ConnectSPOnline.md

...

What we ended up doing, was configuring Conditional Access MFA on the O365 Exchange Endpoint to while not at work for our admin group.  This seems to have helped us from

...

Pictures from our badging systems are uploaded to users AD object (thumbnailPhoto). We launched Office 365 by introducing SharePoint Online and OneDrive Business. One of the important feedback from users was missing profile pictures from SPO, ODB, Delve,

...
60 Views
1 Reply

Yes, that's correct. You can upload larger pictures via ExO PowerShell, but that still requires Exchange mailboxes. On the SPO side of things, you can use the tool here: https://github.com/SharePoint/PnP/tree/master/Samples/Core.ProfilePictureUploader

...

I'm considering enabling ADAL/Oauth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki:

https://social.technet.microsoft.com/wiki/contents/articles/36101.office-365-enable-modern-authentication.aspx

It seems rela

...
278 Views
15 Replies

Hi Matt,

It's not risky at all. In my experience it's as simple as you mention.

I didn't experience any issues when enabling OAuth in my tenancy - apart from not being able to log in to my account when on a different user's PC, which is to be expected

...

A customer would like to register his legacy devices (Win 7) in Azure AD to take advantage of Conditional Access scenarios with corporate devices.

According to https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup

...
75 Views
2 Replies
To support Automatic Registration of domain joined Win 7/8 devices you do need AD FS. We are investigating if we can enable this together with PTA but nothing to announce...
Best Response

Environment
AD Connect with Single Sign On and Password sync and Hybrid Exchange enabled.

I am using one server LAN based running AD Connect. If I move to ADFS, I understand that I will need the following:-
Domain joined server with ADFS services and a SSL

...
77 Views
3 Replies

Hi Chris,

Absolutely agree with Vasil, one ADFS server is a recipe for disaster, even though a single ADFS server can handle thousands of logons, I always spec a minimum

...

You can reuse the existing server, that's not a problem. Having a single AD FS server (or WAP one) is a recipe for disaster however, you should have at minimum 2+2 to ens

...
Best Response

I'm not sure if this question was ever asked, but can an Office365 user have multiple working app passwords? In other words, does the latest app password that is created for a user override the older ones?

68 Views
2 Replies

Hi Matt,

I advise to create an app password per application that you use, to better remove them if you need.

Here is the article and now the limit is 40 passwords.

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/end-user/multi-factor-authentication-end-user-app-passwords

You can, up to 10 different ones if I remember correctly. And that's one of the reasons you should really avoid using app passwords.

Starting a few days ago, our Office 2013 users started reporting issues opening documents on SP and OneDrive. The version of Office 2013 is Professional Plus 15.0.4420.1017 (so it is not suitable for modern authentication).

A message pops up requesting to

...
83 Views
3 Replies

Obvious question perhaps since you mention that your Office version is too old for ADAL auth but could it be that modern auth has been switched on for the Office 365 tenant

...

Fixed issues:

Azure AD Connect sync 

    • Fixed an issue which causes Azure AD Connect wizard to fail if the display name of the Azure AD Connector does not contain the initial onmicrosoft.com domain assigned to the Azure AD tenant.
    • Fixed an issue which causes A
...
193 Views
2 Replies
OH yes please ensure that you all get over to Azure AD Connect. Mainstream support for DirSync and AADSync goes away on April 13, 2017. https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-dirsync-deprecated#deprecation-schedule

Thanks for the update @Vasil Michev. It is time for us to upgrade to the latest :)


Hi,

When allowing connectivity into Office 365, is there a way to restrict access to a single tenant? For the purposes of DLP I need to prevent internal machines logging onto any other email service including other 365 tenants, how could this be ach

...
301 Views
10 Replies

There's no way to do this in O365, even if you have AD FS in place. You can probably use a similar solution to what's described in the article, with inspecting all traffi

...

That's something I have to deal with, too.

For me it is allowing access only to company devices. Intune doesn't offer that.

Ben, for other Office 365 tenants you simple g

...

Hello,

We have a client that we have the ARM templates working in Exchange online but they continue to get errors with their local Outlook clients trying to access them. In a hybrid environment what else is needed to get the local versions of Outlook to w

...
72 Views
1 Reply

Did you ever get a solution to this? We have the same problem with an Exchange hybrid environment. I have assigned the EM+S E5 license to the user, and everything works i

...

Is anyone able to describe the process that occurs during password changes on-premises and how they are synced to Office 365?

In particular a customer is looking to force a lot of their users to reset their AD accounts by ticking the "User must change passw

...
74 Views
3 Replies

Afaik it ignores expired passwords, but using this tick is different. If this option (flag) is configured, the password is not synced as per: https://github.com/Microsoft/azure-docs/blob/master/articles/active-directory/connect/active-directory-aadconnectsync-troubleshoot-password-synchronization.md


We have recently started looking at the security state of our O365 tenant with the Secure Score tool (https://securescore.office.com). One of the suggestions to raise the score is to enable MFA for all Global Admin accounts. However, the Azure AD sync t

...
90 Views
3 Replies
The AAD Connect Global Admins account is only required when you run the wizard. AAD Connect creates itself a service account that does not have Global Admins rights, rath...
The Global Admin rights are only required to create the service account, they shouldn't be required after that.

I'm a network admin at a large non-profit. We are in the evaluation stage of rolling out Office 365 MDM.

Fingerprint authentication on iOS devices is compatible with MDM. But I'm aware that at least Office 365 MDM breaks Android fingerprint authenticatio

...
41 Views
0 Reply

Hi.

I am testing MFA on some admin users. I have given the MFA admins an EMS license so whitelisting of IPs is supported.

So I have whitelisted our office IP, and when my admin goes to https://outlook.office365.com, MFA is not active. Doing so outside the offi

...
2,985 Views
19 Replies

Hi Jesper,

Not sure if this is still an issue for you, but we've been able to get this working for our Admins (note that for this to work the admin account needs to be cl

...

I am glad you re-opened this discussion. MS security scores https://securescore.office.com/ recommendation is MFA and we cannot use for admins due to the Powershell issue

...

Found a thread that indicates that it is not possible to administrate EXO with Powershell when admin is MFA enabled: https://techcommunity.microsoft.com/t5/Identity-Authentication/Authenticating-to-O365-using-Powershell-and-MFA/m-p/3954#M14
I am also interested in this response.

Currently Jesper my understanding is that Powershell administration with MFA turned on is not supported. Or at least wasn't supporte...

Unable to connect Skype for business online PowerShell after enabling multi factor authentication.

I am able to connect Exchange Online through connect-EXOPSSession and connect-msolservice.

Anyone can help me
177 Views
4 Replies