
Identity & Authentication

105 Conversations

Latest Activity


Newbie here. We have an O365 environment where we log in to O365 via AD FS. We have had many unplanned outages (not controlled by IT, and many more scheduled) which have taken down power to our data center, which includes our AD FS server. How do others f
99 Views
5 Replies

Thanks everyone for the responses.  I am working with our Infrastructure Team on next steps. 

Hi Nathan,

I agree with Dominic's comments.

More food for thought here https://gallery.technet.microsoft.com/ADFS-Design-Considerations-f30c0b95

Also, see discussion her

Hi Nathan,

You should have a high availability solution for AD FS with load-balanced AD FS and AD FS proxy servers. You can switch from single sign-on to password sync ma

iOS apps cache O365 auth; we deleted all MS-related apps on iOS and deleted the Outlook app.

But when we open the Outlook app, an O365 profile still appears and then auth fails.

Any idea to clean up O365 cache auth on Outlook Apps, or any apps with link to Outlook A
40 Views
1 Reply

Hi John,

It can take up to 3-7 days after deleting the Outlook for iOS app on your mobile devices to clear the cache completely.

TechNet describes the following three opt

Is there any news on enforcing MFA to O365 external users when they will access externally shared SPO sites? Right now the challenge is we cannot enforce MFA on external users and MFA can be enabled only for licensed users.

Azure B2B is in public preview b

750 Views
5 Replies
I was able to confirm that you can use Conditional Access Policies (features Azure AD Premium) to enforce MFA for external users on publicly shared SharePoint sites. Exte...

I am also curious about this.

The Azure AD pricing says for every Azure AD Premium account, 5 guests can be invited and can use Azure AD Premium license. I used a Conditio

Would like to know more about this also.

We have ADFS Proxy servers (Web Application Proxy servers) in our perimeter network and have MFA configured.

We also have configured a very strict ADFS Extranet Account Lockout policy (3 bad passwords, 1 hour lockout) but we see this as unsustainable for b

148 Views
4 Replies

We are currently experiencing frequent account lockouts from our ADFS servers. We have tracked the offending authentication attempts to other countries. We have tried wo

Hi, I have a question.

Can anyone tell me if it is required to extend the schema to implement ADFS 2016?

According to this link yes:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-2016-requirements
Schema requirements
New install

2,349 Views
4 Replies

There is a known issue with that.

The 2016 farm behavior level requires the ADDS 2016 schema (DC can be at a lower level, but the schema needs to be 2016). BUT, when you
Best Response
I'm a little confused about that statement as well.

That doesn't seem right, probably they meant to say it's a requirement for *some* features.

We are planning to deploy ODB for about 10000 users.

The main issue right now is controlling the access and dealing with compliance.

There are a few things that I need some clarification on;

The end goal here is to have MFA prompts for internal/external use
88 Views
3 Replies

If you want to use a custom MFA provider, you have to federate with your on-premises AD or use 3rd-party federation. Azure AD Conditional access only supports Azure MFA as a

We are looking at maybe switching our MFA tokens from one token provider to another. Rather than making that switch all at once we would like to do it in a staged manner. I am wondering if it's possible to control with groups what authentication provider
87 Views
4 Replies

You will have to use some custom solution for that, AD FS will display/allow all available MFA methods.

Best Response

Starting this week, what should be the primary e-mail address disappeared for some users. It seems to be related to name changes--and not just recent ones. Before this week, there have been no issues with name changes.

For example, SaraSmith@domain ha
81 Views
3 Replies
To me it seems to be a synchronization problem since Office 365 is not going to make any changes in your AD...could it happen that those objects were not well prepared in...

Hi everyone,

I have the following task: Connect to a SharePoint 2016 Site which is Secured by ADFS using an Angular Client.

The parties I have are:

* Angular JS Client Application using ADAL
* WCF Middleware also using AuthenticationContext
* ADFS on Server
43 Views
0 Reply

Hi Community, I have a few questions around ADFS in 2016 and Azure if anybody has some experience.

The TechNet documentation around this is a bit vague on details and am trying to determine the end user effect of upgrading and enabling the option to use
60 Views
1 Reply

1) yes, Code is the only supported method atm. You cannot use the app prompts to quickly approve/deny.

2) again, Code is the only supported method. For Primary auth that i


Hi

I am unable to connect to SPO from SharePoint online management shell (6802.1200) using my federated account (no MFA set). I am executing command:

Connect-SPOService -Url https://TENANTNAME-admin.sharepoint.com

My response is:

Connect-SPOService : Could no

244 Views
5 Replies

Passing the -Credentials parameter bypasses ADAL (i.e. switches to legacy auth), so you seem to have some issue with ADAL/Modern authentication. Do you get the ADAL dialo


You really need to get prompted for authentication as MFA is enabled.

Don't know what you are trying but I would look into the PNP PowerShell commands which have the compl

We are trying to confirm the experience we are seeing is to be expected.

We are using ADFS to authenticate our users and provide a SSO experience which works fine.

As soon as we enable the ability to provide external sharing to SPO, our users get directed
64 Views
2 Replies
This is the experience that you will get as I have seen this before. The issue is that external users need to authenticate through AAD as that holds their account referen...

Dear All,

I have one question: I have a local domain and a custom domain. When I set up Azure AD Connect and Office 365, I synced with the OU filtering that has users with .local and .com in the same OU. My .com domain is synced correctly but .local domain is sync
29 Views
1 Reply

That's really up to you. The .local value can be present in multiple attributes, so you need to decide which one to filter on. A simple solution is to populate one of the


We are using Microsoft Intune to manage mobile devices.

Our requirement is to allow only domain-joined PCs to have access to the Office 365 apps and Outlook client.

We are running both Domain controller and ADFS 3.0 server on Windows 2012 server and having below
61 Views
0 Reply

Is it possible to recover a user and their mailbox past 30 days since deletion?  I have a user deleted permanently about 45 - 60 days ago and now we need their mailbox back.  Any suggestions?  Thanks.

47 Views
1 Reply

Nope. Contact support just in case, but be prepared for bad news.

For future reference, you can take a look at the Inactive mailboxes functionality that allows you to pre

Hi,

When allowing connectivity into Office 365, is there a way to restrict access to a single tenant? For the purposes of DLP I need to prevent internal machines logging onto any other email service including other 365 tenants, how could this be ach
747 Views
12 Replies

Hi, this is done through Tenant Restrictions.

You'll configure your outbound proxy server to insert a "Restrict-Access-To-Tenants: <permitted tenant list>" header in packe

There's no way to do this in O365, even if you have AD FS in place. You can probably use a similar solution to what's described in the article, with inspecting all traffi


That's something I have to deal with, too.

For me it is allowing access only to company devices. Intune doesn't offer that.

Ben, for other Office 365 tenants you simple g

Has anyone found a way to provide users with a shortcut to Yammer that would automatically log them in instead of having to enter their UPN on the Office365 login page first? I have found ways to create smart links for things like Sharepoint and OneDrive,

235 Views
6 Replies

Hi,

Do you have ADFS and SSO enabled for these users?

Is your Yammer integrated into Office 365?

BR

Hi all

I desperately need a way to list all external Azure AD users including their status (if they have accepted the invitation or not), and it would be nice to be able to filter on domain. On TechNet I have found this PowerShell command:

Get-SPOExternal
116 Views
4 Replies

Hi @Jakob Rohde,

a few years ago I battled with the same:

http://wp.me/p1fg2Y-xTm

I didn't get the full answer of your problem either, but at least I was able to get all

You can use the command below to get the list of all the Office 365 external users (guest users).

Get-MsolUser -All | ? {$_.UserType -eq "Guest"} | Select DisplayName,Sig

Dear Expert

My business requirement is that users need to be able to sign in to Office 365 using UPN with email address format. Currently, their username is the <EmployeeID>@emailaddressDomain.com.

A customer has Azure ADConnect. Do you have the suggested s
109 Views
3 Replies
This is something you can do with PowerShell:
$Office365Cred=Get-Credential
Connect-MsolService -Credential $Office365Cred
set-msoluserprincipalname -newuserprincipalname <n...

Hi All, we're making some changes to the authentication flow for the Office 365 home page.

Beginning August 9, accessing the authenticated Office 365 home page (either through https://portal.office.com or https://www.office.com) will require that your u
620 Views
4 Replies

My organization does not subscribe to Azure AD Premium and we've never set up conditional access policies, but we received an alert in the Message Center that says, "Our


What if the organization does not subscribe to Azure Active Directory Premium? I assume they are unaffected?

I'm considering enabling ADAL/Oauth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki:

https://social.technet.microsoft.com/wiki/contents/articles/36101.office-365-enable-modern-authentication.aspx

It seems rela
1,401 Views
30 Replies

Hi Matt,

It's not risky at all. In my experience it's as simple as you mention.

I didn't experience any issues when enabling OAuth in my tenancy - apart from not being able to log in to my account when on a different user's PC, which is to be expected

Hi,

I am hitting an issue when trying to add a work account to a Windows 10 PC. The process goes through the normal user name/password prompts then you get the "circle of balls" rotating on the screen and there it stays. Most users have given up and clo
59 Views
0 Reply

I'm having a problem creating domain filtered user views which looks like a bug and would be interested to see if anyone else has the issue. I'm seeing it on two different tenants at the moment.

I have 3 vanity domains added to my tenant, 1 of which is fed
83 Views
2 Replies

The filters basically return the result of:

Get-MsolUser -DomainName domain.com

or the corresponding tenant.onmicrosoft.com one. If you run the cmdlet, you will notice that
Best Response

Hi guys,

Check out my blog post under http://www.cloudguy.pro/posts/215 to see what you need to do in order to activate the IdPInitiatedSignon page in your ADFS 2016 farm...

With this in place you can test your authentication again.

Cheers
61 Views
0 Reply

Hi everybody,

I am facing a very strange authentication problem in my app.

To get a valid adal token I use the adaljs library, which works fine. I get a valid token and can connect to my Azure AppService.

The app that runs in the Azure AppService then use
167 Views
1 Reply

I checked the App Service and O365 App yesterday and came across these preview settings in the graph api:

Could it be possible that there is a connection between my probl