Home

Identity & Authentication

86 Conversations

Latest Activity

Custom List Message Item

I have automated user interface testing set up for SharePoint Online.  I want to enable Multi-Factor Authentication and include that as part of my testing.  Does anyone have sample code for receiving the verification code from a test message or Mobile App

... Read More
27 Views
0 Reply

Hi.

I am testing MFA on some admin users. I have given the MFA admins a EMS licens so whitelisting of IPs is supported.

 

So I have whitelisted our office IP, and when my admin go to https://outlook.office365.com, MFA is not active. Doing so outside the offi

... Read More
3,927 Views
20 Replies

Hi Jesper,

 

Not sure if this is still an issue for you, but we've been able to get this working for our Admins (note that for this to work the admin account needs to be cl

... Read More

I am glad you re-opened this discussion. MS security scores https://securescore.office.com/ recommendation is MFA and we cannot use for admins due to the Powershell issue

... Read More

I am glad you re-opened this discussion. MS security scores https://securescore.office.com/ recommendation is MFA and we cannot use for admins due to the Powershell issue

... Read More
Found a thread that indicates that it is not possible to administrate EXO with Powershell when admin is MFA enabled: https://techcommunity.microsoft.com/t5/Identity-Authentication/Authenticating-to-O365-using-Powershell-and-MFA/m-p/3954#M14 Read More
I am also interested in this response.

Currently Jesper my understanding is that Powershell administration with MFA turned on is not supported. Or at least wasn't supporte... Read More

Hi everybody,

 

I am facing a very strange authentication problem in my app.

To get a valid adal token I use the adaljs library, which works fine. I get a valid token and can connect to my Azure AppService. 

 

The app that runs in the Azure AppService then use

... Read More
26 Views
0 Reply

We have an issue where active directory attributes do not pull through to Yammer when some users launch Yammer the first time. We sync our on premise AD to Azure and have all AD fields populated. When I check in Azure or Admin Portal, the users details ar

... Read More
25 Views
0 Reply

Is there a way to see what resources 'Guest Users' have been given access?

79 Views
2 Replies

I was answered my own question.  For future reference you can do a Security and Compliance search for ViewableByExternalUsers:true to see what external users have access

... Read More

Has anyone found a way to provide users with a shortcut to Yammer that would automatically log them in instead of having to enter their UPN on the Office365 login page first? I have found ways to create smart links for things like Sharepoint and OneDrive,

... Read More
50 Views
0 Reply

We enabled self-service password resets, and require users to choose at least 1 but up to  3 choices; mobile #, authentication email, and security questions. Say someone chooses just mobile and sets that up. Now, when they have a change of heart and would

... Read More
59 Views
1 Reply

Hi Joel

 

As an admin,  you define the authentication methods (phone, email security questions etc) that are available to the user when they need to reset their password

 

Ea

... Read More

Hi, I have a question.

Can anyone tell me if it is required to extend the schema to implement ADFS 2016?

According to this link yes:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-2016-requirements
Schema requirements
New install

... Read More
41 Views
1 Reply

That doesnt seem right, probably they meant to say it's a requirement for *some* features.

I'm not sure if this question was ever asked, but can an Office365 user have multiple working app passwords? In other words, does the latest app password that is created for a user override the older ones?

94 Views
3 Replies

Hi Matt,

 

I advise to create a app password per application that you use, to better remove them if you need.

 

Here is the article and now the limit is 40 passwords.

 

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/end-user/multi-factor-authentication-end-user-app-passwords

Read More

You can, up to 10 different ones if I remember correctly. And that's one of the reasons you should really avoid using app passwords.

Can we config ADFS server for 3rd party Application while threre already O365 related ADFS exist

 

We have 2 ADFS and 2 WAP servers in the setup already which is serving O365 services

 

We need to have 1 more ADFS server only for internal SSO, with 3rd party

... Read More
60 Views
2 Replies

You can have thousands of RPTs (applications) serviced by the same AD FS infrastructure, why do you need to spin up a new farm?

I'm considering enabling ADAL/Oauth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki:

https://social.technet.microsoft.com/wiki/contents/articles/36101.office-365-enable-modern-authentication.aspx

 

It seems rela

... Read More
466 Views
18 Replies

Hi Matt,

 

It's not risky at all. At my experience it's simple as you mention.

I didn't experience any issues when enabling OAuth in my tenancy - apart from not being able to log in to my account when on a different users PC, which is to be expected

... Read More

Starting a few days ago, our Office 2013 users started reporting issues opening documents on SP en OneDrive. The version of Office 2013 is Professional Plus 15.0.4420.1017 (so it is not suitable for modern authantication).

 

A message pops up requesting to

... Read More
149 Views
6 Replies

Hi Bart, were you able to find any resolution to this?  

 

We're experiencing the same issue.  Only impacting Office 2013 instances.  We've updated the clients to the lates

... Read More

Obvious question perhaps since you mention that your Office version is too old for ADAL auth but could it be that modern auth has been switch on for the Office 365 tenant

... Read More

Environment
AD Connect with Single Sign On and Password sync and Hybrid Exchange enabled.

 

I am using one server LAN based running AD Connect. If I move to ADFS, I understand that I will need the following:-
Domain joined server with ADFS services and a SSL

... Read More
150 Views
5 Replies

Hi Chris,

 

Absolutley agree with Vasil, one ADFS server is a recipe for disaster, even though a single ADFS server can handle thousands of logons, I always spec a minimum

... Read More

You can reuse the existing server, that's not a problem. Having a single AD FS server (or WAP one) is a recipe for disaster however, you should have at minimum 2+2 to ens

... Read More
Best Response

I am running into issues with autheticating to O365 on Powershell and in this case my account has been enabled with MFA.
I already installed the preview from https://blogs.technet.microsoft.com/enterprisemobility/2015/10/20/azure-ad-powershell-public-preview-of-support-for-azure-mfa-new-device-management-commands/

... Read More
8,769 Views
17 Replies

Anyone have a clue as to how to use MFA login in an unattended powershell script?

 

I have MFA working fine with powershell interactively - The login and MFA dialogs come u

... Read More

Seems that Exchange Online ist MFA enabled now.

Have a look at this article:

"Connect to Exchange Online PowerShell using multi-factor authentication"

https://technet.microsoft.com/en-us/library/mt775114(v=exchg.160).aspx

Read More

We've been able to get our Office 365 Admin accounts with MFA enabled working with Powershell for Exchange Online, Skype for Business etc.....with some caveats:

  • This requi
... Read More

The PnP powershell cmdlets can be use with MFA to peform many actions in SPO, see https://github.com/OfficeDev/PnP-PowerShell and use the https://github.com/OfficeDev/PnP-PowerShell/blob/master/Documentation/ConnectSPOnline.md

... Read More

What we ended up doing, was configuring Conditional Access MFA on the O365 Exchange Endpoint to while not at work for our admin group.  This seems to have helped us from

... Read More

Pictures from our badging systems are uploaded to users AD object (thumbnailPhoto). We launched Office 365 by introducing SharePoint Online and OneDrive Business. One of the important feedback from users was missing profile pictures from SPO, ODB, Delve,

... Read More
108 Views
1 Reply

Yes, that's correct. You can upload larger pictures via ExO PowerShell, but that still requires Exchange mailboxes. On the SPO side of things, you can use the tool here: https://github.com/SharePoint/PnP/tree/master/Samples/Core.ProfilePictureUploader

... Read More