Forum Widgets
Latest Discussions
Alternative hostname for ADFS proxy possible?
Dear Community, I have setuped a ADFS server with "adfs.customer.com" and a ADFS proxy, who also externally listening on this URL. Here is my question: Can I configure an additional "external" URL like "adfs.bla.com" in the ADFS proxy so, that its listening to incoming requests and redirect it to adfs.customer.com? Thanks André
Outlook 2016 blank MFA screen for some users
I have a Conditional Access rule so that when someone connects from outside a trusted IP it requires MFA, I have a few users that get the "Requires password" message come up, they get a window and type in their username and click next, then the window disappears without prompting for MFA and it's back to where they were. Same thing if they go to File->Accounts if they are signed out and try to sign in they get asked for Email and then it just closes and they are still signed out. It's not for all users and everyone is using the same Office 365/2016 installation, monthly channel 1903, we use ADFS
Frequent Account lockouts
We are having passthrough authentication setup and we see lot of errors recently with the below process Process Information: Caller Process ID: 0x8e4 Caller Process Name: C:\Program Files\Microsoft Azure AD Connect Authentication Agent\AzureADConnectAuthenticationAgentService.exe Users are getting locked out too frequently. The auditing software points to the server where AD connect is installed. I am not sure why this is happening but need your advice and suggestions please. Thank you all.
Config Question: Microsoft 365, Microsoft Authenticator, Mac Mail Users
Hello All, We are currently using Microsoft 365 which is "hosted" or "federated" through GoDaddy. I want to pilot Microsoft Authenticator, so that we can have either MFA, SSO, or a combo of both. I'm running into a possible issue when I enable MFA for myself, as an enduser. We run TEAMS, and I only get asked to re-login into Teams to authenticate, which does work. However, if Mac Mail running as a client on the endpoint machine, should I assume that MFA will not work, since it is always communicating to the "hosted/federated" backend? That it never disconnects the connection? If there is something I should do differently with the config, I'd appreciate the guidance here.
SSO from PingOne to Entra app failing; Not matching on sub value and can't find by email
I am trying to implement SSO from PingOne to my Azure app I have registered in Entra External ID. When I don't have the PingOne account pre-provisioned, the sign-in flow provisions the account but with a bad value for the "Issuer" (the tenant id is incorrectly appended to the end of the issuer URL). This leads to a AADSTS500208 error. If I use Graph API to pre-provision the user with the proper "Issuer" URL, I get a message on the Entra prompt that says "Account Already Exists. Click next to sign in". Clicking Next gives the following error message: We couldn't find an account with this email addressLogin Catch-22: locked out of Work account due to MFA mismatch.
"I am the owner of the domain mydomain.be, registered at one.com. I have a Microsoft 365 Business Premium subscription. I am locked out of my work/school tenant admin account (mailto:email address removed for privacy reasons) due to an MFA issue — the Microsoft Authenticator is configured but not delivering push notifications, and the TOTP code length does not match what the login screen expects. I cannot access the admin center. I need to recover Global Admin access to my flavo.be tenant so I can manage users and licenses. I can prove domain ownership via DNS if required.NgcSet stays NO despite working WHFB setup - RPC 0x800706ba error
Hi everyone, I need help with a Windows Hello for Business certificate trust deployment that's almost working but stuck on the final step. **What's Working:** - Manual certificate enrollment works perfectly: `certreq -enroll -user -config "MyCA.domain.local\MyCA-CA" "MyWHFBTemplate"` - TPM 2.0 is ready, enabled, and functional - All Group Policies applied correctly (computer and user) - CA server healthy, templates published **What's NOT Working:** - `dsregcmd /status` shows `NgcSet : NO` (should be YES) - `NgcSvc` (Microsoft Passport) service is stopped on client - Getting error: "RPC server is unavailable (0x800706ba)" during automatic certificate enrollment - PIN setup fails because NGC containers won't create **The Strange Part:** Manual certificate enrollment works perfectly, but automatic enrollment fails with RPC errors. Both should use the same communication path to the CA. **Environment:** - On-premises certificate trust deployment (no Azure AD) - Domain-joined Windows 11 clients - Windows Server 2019/2022 infrastructure **Questions:** 1. Should NgcSvc start automatically when WHFB policies are applied? 2. Why would manual cert enrollment work but automatic fail with RPC errors? 3. Is there a difference in how system context vs user context accesses the CA? Has anyone seen this specific combination before? Any ideas what could cause this behavior? Thanks for any help!
Hotmail to Outlook Migration Broke My Account
A year or two ago, I updated my Microsoft account to try and migrate from hotmail.com to @outlook.com. Since then, my Microsoft account is broken. I log in with my @outlook.com email, but account.microsoft.com displays my hotmail.com email everywhere. Mobile apps will not stay logged in properly and kick me out after a day. On my account info page my @outlook.com email isn't even listed and hotmail.com is listed as primary, but only logging in with @outlook works. I'm pretty sure when I originally tried to migrate my account some exception wasn't handled properly part way through the process and my account is in some sort of database limbo. Is there anyone at Microsoft here that can help with this? Also, sorry if this isn't the right place to post this, but a call with Microsoft support pointed me here and there doesn't seem to be a "Microsoft Account Support" hub or space on this platform. If anyone knows of a better location feel free to suggest that as well. Thanks!
