Identity & Authentication

113 Conversations

Hi, 

 

We currently have ADFS in place for user auth to 365 using a single domain 'domain1.com'

 

I now need to add additional federated domains - 'domain2.com and domain3.com'

   The new domains have been added and verified in 365 so now show as managed

... Read More
34 Views
2 Replies
Best Response confirmed by Paul Paginton (Occasional Contributor)

Hi there

 

I was hoping that I could get a bit of guidance to the challenge I have.

 

We are an established Office365 customer with SSO with ADFS, for the purpose of this we are using the email address @companya.com

 

Our organisation recently acquired an

... Read More
28 Views
1 Reply

Hi David,

 

You will need to do a Tenant to Tenant migration. But for that problem is only possible to have your domainname.com in only one Tenant.

 

You can read here th

... Read More

Hello,

 

I wanted to redirect our users to a company portal after they log out from office 365, I've tried setting the LogOffUri parameter in the MsolDomainFederationSettings but log out still redirects to the same url as before

 

any alternative or workaroun

... Read More
49 Views
1 Reply

Hi,

 

As far as I know, this scenario is not supported. The LogOffUri refers to the web address the user is actually performing the log off.

We have integrated ADFS into one of our SharePoint applications for authentication. Our internal security team has performed a Vulnerability Assessment & found a high severity VA point of AD password visible in clear text. They have installed interceptor tool

... Read More
33 Views
0 Reply

Hi,

We have an Office 365 tenant configured with Password Sync and Single Sign On enabled, which works fine.

Now we want to integrate a child company with a new forest which should work with AD Connect. The child company is already having an Office 365 with

... Read More
69 Views
2 Replies

Michael Obernberger wrote:

"The child company is already having an Office 365 with ADFS enabled"

"So now my question is, when I add the new forest to our AD Connect server.

... Read More
Best Response confirmed by Michael Obernberger (New Contributor)

Hi.

I am testing MFA on some admin users. I have given the MFA admins an EMS license so whitelisting of IPs is supported.

 

So I have whitelisted our office IP, and when my admin go to https://outlook.office365.com, MFA is not active. Doing so outside the offi

... Read More
6,500 Views
21 Replies

Hi Jesper,

 

Not sure if this is still an issue for you, but we've been able to get this working for our Admins (note that for this to work the admin account needs to be cl

... Read More

I am glad you re-opened this discussion. MS security scores https://securescore.office.com/ recommendation is MFA and we cannot use for admins due to the Powershell issue

... Read More

Found a thread that indicates that it is not possible to administrate EXO with Powershell when admin is MFA enabled: https://techcommunity.microsoft.com/t5/Identity-Authentication/Authenticating-to-O365-using-Powershell-and-MFA/m-p/3954#M14
I am also interested in this response.

Currently Jesper my understanding is that Powershell administration with MFA turned on is not supported. Or at least wasn't supporte... Read More

I am running into issues with authenticating to O365 on Powershell and in this case my account has been enabled with MFA.
I already installed the preview from https://blogs.technet.microsoft.com/enterprisemobility/2015/10/20/azure-ad-powershell-public-preview-of-support-for-azure-mfa-new-device-management-commands/

... Read More
16.1K Views
19 Replies
You can still use the apppassword as a regular password for these cases until MFA is good and natively supported.

Anyone have a clue as to how to use MFA login in an unattended powershell script?

 

I have MFA working fine with powershell interactively - The login and MFA dialogs come u

... Read More

Seems that Exchange Online is MFA enabled now.

Have a look at this article:

"Connect to Exchange Online PowerShell using multi-factor authentication"

https://technet.microsoft.com/en-us/library/mt775114(v=exchg.160).aspx


We've been able to get our Office 365 Admin accounts with MFA enabled working with Powershell for Exchange Online, Skype for Business etc.....with some caveats:

  • This requi
... Read More

The PnP powershell cmdlets can be used with MFA to perform many actions in SPO, see https://github.com/OfficeDev/PnP-PowerShell and use the https://github.com/OfficeDev/PnP-PowerShell/blob/master/Documentation/ConnectSPOnline.md

... Read More

Besides Focused Inbox, is anyone aware of any other features dependent on having Modern Authentication enabled?

103 Views
4 Replies

MAPI/HTTP, Conditional access, tenant restrictions, pass-through auth, you name it... You should be planning to switch to using Modern auth as soon as possible, regardless

... Read More
Best Response confirmed by CC Adeyemo (Contributor)

I'm considering enabling ADAL/Oauth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki:

https://social.technet.microsoft.com/wiki/contents/articles/36101.office-365-enable-modern-authentication.aspx

 

It seems rela

... Read More
3,629 Views
34 Replies

Hi Matt,

 

It's not risky at all. In my experience it's as simple as you mention.

I didn't experience any issues when enabling OAuth in my tenancy - apart from not being able to log in to my account when on a different user's PC, which is to be expected

... Read More

In my environment we are running Exchange 2013 Hybrid.  All mailboxes are in O365.  We have certain requirements around our implementation that require ADFS.  With that being said, I am really struggling with coming up with the set of claims based rules t

... Read More
2,965 Views
13 Replies

Which version are you using? x-ms-proxy only works with the 2008 R2 version, if you are on 2012 R2 you should use insidecorporatenetwork. If your clients are Office 2016/

... Read More
Best Response confirmed by Stephen Bell (Contributor)

@Trevor Seward gave a presentation on configuring ADFS in Azure yesterday, he may be able to offer some assistance.


Hi,

 

We are interested in enabling Modern Authentication for SfB and EXO. We are in the middle of migrating to EXO, so we are in a Hybrid configuration at the moment.

 

All our users are using Outlook 2016, so we don't anticipate any compatibility issues. We a

... Read More
85 Views
2 Replies

Hybrid can be tricky, especially when mixing Exchange/SfB. They just announced public preview for the Hybrid modern auth scenario: https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/SfB-Hybrid-Modern-Auth-w-EXO-goes-Public-Preview/ba-p/114360

... Read More

Hi Thomas,

 

It's always advised that you have another Office 365 Tenant to evaluate those changes.

 

When you enable Modern Auth is asked to the end users in next logon or n

... Read More

Unable to connect to Skype for Business Online PowerShell after enabling multi factor authentication.

I am able to connect to Exchange Online through connect-EXOPSSession and connect-msolservice.

 

Anyone can help me

 

 

698 Views
5 Replies

Hi All,

 

Would like to report some issue on our O365 tenant, every time a user is logging in to O365 they're prompted with "Additional info required" after clicking Next a page will say "We're sorry, but your Administrator has not enabled you to register at

... Read More
118 Views
1 Reply

Open a support case to have this properly investigated.

Starting this week, what should be the primary e-mail address, disappeared for some users.  It seems to be related to name changes--and not just recent ones.  Before this week, there have been no issues with name changes. 

 

For example, SaraSmith@domain ha

... Read More
110 Views
4 Replies
To me it seems to be a synchronization problem since Office 365 is not going to make any changes in your AD...could it happen that those objects were not well prepared in... Read More

Newbie here. We have an O365 environment where we log in to O365 via AD FS.  We have had many unplanned outages (not controlled by IT and many more scheduled)  which has taken down power to our data center, which includes our AD FS server.  How do others f

... Read More
204 Views
5 Replies

Thanks everyone for the responses.  I am working with our Infrastructure Team on next steps. 

Hi Nathan,

 

I agree with Dominic's comments.

 

More food for thought here https://gallery.technet.microsoft.com/ADFS-Design-Considerations-f30c0b95

 

Also, see discussion her

... Read More

Hi Nathan,

 

You should have a high availability solution for AD FS with load balanced AD FS and AD FS proxy servers. You can switch from single sign-on to password sync ma

... Read More

iOS apps cache O365 Auth, we deleted all MS related apps on iOS and deleted the Outlook app.

But when we open the Outlook app an O365 profile still appears and then auth fails.

Any idea to clean up O365 cache auth on Outlook Apps, or any apps with link to Outlook A

... Read More
93 Views
1 Reply

Hi John,

 

It can take up to 3-7 days after deleting the Outlook for iOS app on your mobile devices to clear the cache completely.

 

TechNet describes the following three opt

... Read More
Best Response confirmed by John Tseung (Contributor)

Is there any news on enforcing MFA to O365 external users when they will access externally shared SPO sites? Right now the challenge is we cannot enforce MFA on external users and MFA can be enabled only for licensed users.

Azure B2B is in public preview b

... Read More
1,026 Views
5 Replies
I was able to confirm that you can use Conditional Access Policies (features Azure AD Premium) to enforce MFA for external users on publicly shared SharePoint sites. Exte... Read More

I am also curious about this.

The Azure AD pricing says for every Azure AD Premium account, 5 guests can be invited and can use Azure AD Premium license. I used a Conditio

... Read More
Would like to know more about this also.

We have ADFS Proxy servers (Web Application Proxy servers) in our perimeter network and have MFA configured.

We also have configured a very strict ADFS Extranet Account Lockout policy (3 bad passwords, 1 hour lockout) but we see this as unsustainable for b

... Read More
284 Views
4 Replies

We are currently experiencing frequent account lockouts from our ADFS servers.  We have tracked the offending authentication attempts to other countries.  We have tried wo

... Read More

Hi, I have a question.

Can anyone tell me if it is required to extend the schema to implement ADFS 2016?

According to this link yes:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-2016-requirements
Schema requirements
New install

... Read More
2,421 Views
4 Replies

There is known issue with that.

 

The 2016 farm behavior level requires the ADDS 2016 schema (DC can be at a lower level, but the schema needs to be 2016). BUT, when you

... Read More
Best Response confirmed by Vasil Michev (MVP)
I'm a little confused about that statement as well.

That doesn't seem right, probably they meant to say it's a requirement for *some* features.

We are planning to deploy ODB for about 10000 users.

The main issue right now is controlling the access and dealing with compliance.

 

There are a few things that I need some clarification on;

The end goal here is to have MFA prompts for internal/external use

... Read More
172 Views
3 Replies

If you want to use a custom MFA provider, you have to federate with your on-premises AD or use 3rd party federation. Azure AD Conditional access only supports Azure MFA as a

... Read More

We are looking at maybe switching our MFA tokens from one token provider to another. Rather than making that switch all at once we would like to do it in a staged manner.  I am wondering if it's possible to control with groups what authentication provider

... Read More
164 Views
4 Replies

You will have to use some custom solution for that, AD FS will display/allow all available MFA methods.

Best Response confirmed by Matt Karel (Contributor)

Hi everyone,

 

I have the following task: Connect to a SharePoint 2016 Site which is Secured by ADFS using an Angular Client.

 

The parties I have are: 

* Angular JS Client Application using ADAL

* WCF Middleware also using AuthenticationContext

* ADFS on Server

... Read More
100 Views
0 Reply

Hi Community, I have a few questions around ADFS in 2016 and Azure if anybody has some experience.

The TechNet documentation around this is a bit vague on details and am trying to determine the end user effect of upgrading and enabling the option to use

... Read More
84 Views
1 Reply

1) yes, Code is the only supported method atm. You cannot use the app prompts to quickly approve/deny.

2) again, Code is the only supported method. For Primary auth that i

... Read More

Hi

I am unable to connect to SPO from SharePoint online management shell (6802.1200) using my federated account (no MFA set). I am executing command:

Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com

My response is:

Connect-SPOService : Could no

... Read More
906 Views
5 Replies

Passing the -Credentials parameter bypasses ADAL (i.e. switches to legacy auth), so you seem to have some issue with ADAL/Modern authentication. Do you get the ADAL dialo

... Read More

You really need to get prompted for authentication as MFA is enabled.

Don't know what you are trying but I would look into the PNP powershell commands which have the compl

... Read More

We are trying to confirm the experience we are seeing is to be expected.

 

We are using ADFS to authenticate our users and provide a SSO experience which works fine.

 

As soon as we enable the ability to provide external sharing to SPO, our users get directed

... Read More
88 Views
2 Replies
This is the experience that you will get as I have seen this before. The issue is that external users need to authenticate through AAD as that holds their account referen... Read More