Identity & Authentication

94 Conversations

We have ADFS Proxy servers (Web Application Proxy servers) in our perimeter network and have MFA configured.

We also have configured a very strict ADFS Extranet Account Lockout policy (3 bad passwords, 1 hour lockout) but we see this as unsustainable for b

...
34 Views
2 Replies

We are currently experiencing frequent account lockouts from our ADFS servers. We have tracked the offending authentication attempts to other countries. We have tried wo

...

Is it possible to recover a user and their mailbox past 30 days since deletion?  I have a user deleted permanently about 45 - 60 days ago and now we need their mailbox back.  Any suggestions?  Thanks.

35 Views
1 Reply

Nope. Contact support just in case, but be prepared for bad news.

 

For future reference, you can take a look at the Inactive mailboxes functionality that allows you to pre

...

Hi,

When allowing connectivity into Office 365, is there a way to restrict access to a single tenant? For the purposes of DLP I need to prevent internal machines logging onto any other email service including other 365 tenants, how could this be ach

...
610 Views
12 Replies

Hi, this is done through Tenant Restrictions.

You'll configure your outbound Proxy server to insert a "Restrict-Access-To-Tenants: <permitted tenant list>" header in packe

...

There's no way to do this in O365, even if you have AD FS in place. You can probably use a similar solution to what's described in the article, with inspecting all traffi

...

That's something I have to deal with, too.

For me it is allowing access only to company devices. Intune doesn't offer that.

Ben, for other Office 365 tenants you simply g

...

Has anyone found a way to provide users with a shortcut to Yammer that would automatically log them in instead of having to enter their UPN on the Office365 login page first? I have found ways to create smart links for things like Sharepoint and OneDrive,

...
183 Views
6 Replies

Hi,

Do you have ADFS and SSO enabled for these users?

Is your Yammer integrated into Office 365?

 

BR

Hi all

 

I desperately need a way to list all external Azure AD users including their status (if they have accepted the invitation or not), and it would be nice to be able to filter on domain. On TechNet I have found this PowerShell command:

 

Get-SPOExternal
...
91 Views
4 Replies

Hi @Jakob Rohde,

 

a few years ago I battled with the same:

 

http://wp.me/p1fg2Y-xTm

 

I didn't get the full answer of your problem either, but at least I was able to get all

...

You can use the command below to get the list of all the Office 365 external users (guest users).

 

Get-MsolUser -All | ? {$_.UserType -eq "Guest"} | Select DisplayName,Sig

...

Dear Expert

 

My business requirement is that users need to be able to sign in to Office 365 using UPN with email address format. Currently, their username is the <EmployeeID>@emailaddressDomain.com.

A customer has Azure ADConnect. Do you have the suggested s

...
76 Views
3 Replies
This is something you can do with PowerShell:
$Office365Cred=Get-Credential
Connect-MsolService -Credential $Office365Cred
Set-MsolUserPrincipalName -NewUserPrincipalName <n...

Hi All, we're making some changes to the authentication flow for the Office 365 home page.

 

Beginning August 9, accessing the authenticated Office 365 home page (either through https://portal.office.com or https://www.office.com) will require that your u

...
495 Views
4 Replies

My organization does not subscribe to Azure AD Premium and we've never set up conditional access policies, but we received an alert in the Message Center that says, "Our

...

What if the organization does not subscribe to Azure Active Directory Premium? I assume they are unaffected?

I'm considering enabling ADAL/Oauth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki:

https://social.technet.microsoft.com/wiki/contents/articles/36101.office-365-enable-modern-authentication.aspx

 

It seems rela

...
959 Views
30 Replies

Hi Matt,

 

It's not risky at all. In my experience it's as simple as you mention.

I didn't experience any issues when enabling OAuth in my tenancy - apart from not being able to log in to my account when on a different user's PC, which is to be expected

...

Hi,

 

I am hitting an issue when trying to add a work account to a Windows 10 PC. The process goes through the normal user name/password prompts then you get the "circle of balls" rotating on the screen and there it stays. Most users have given up and clo

...
40 Views
0 Reply

Is there any news on enforcing MFA to O365 external users when they will access externally shared SPO sites? Right now the challenge is we cannot enforce MFA on external users and MFA can be enabled only for licensed users.

Azure B2B is in public preview b

...
591 Views
2 Replies

I am also curious about this.

The Azure AD pricing says for every Azure AD Premium account, 5 guests can be invited and can use Azure AD Premium license. I used a Conditio

...
Would like to know more about this also.

I'm having a problem creating domain filtered user views which looks like a bug and would be interested to see if anyone else has the issue. I'm seeing it on two different tenants at the moment.

 

I have 3 vanity domains added to my tenant, 1 of which is fed

...
64 Views
2 Replies

The filters basically return the result of:

 

Get-MsolUser -DomainName domain.com

 

or the corresponding tenant.onmicrosoft.com one. If you run the cmdlet, you will notice that

...
Best Response

Hi, I have a question.

Can anyone tell me if it is required to extend the schema to implement ADFS 2016?

According to this link yes:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-2016-requirements
Schema requirements
New install

...
2,309 Views
3 Replies
I'm a little confused about that statement as well.

That doesn't seem right, probably they meant to say it's a requirement for *some* features.

Hi guys,

 

Check out my blog post under http://www.cloudguy.pro/posts/215 to see what you need to do in order to activate the IdPInitiatedSignon page in your ADFS 2016 farm...

 

With this in place you can test your authentication again.

 

Cheers

50 Views
0 Reply

Hi everybody,

 

I am facing a very strange authentication problem in my app.

To get a valid adal token I use the adaljs library, which works fine. I get a valid token and can connect to my Azure AppService. 

 

The app that runs in the Azure AppService then use

...
134 Views
1 Reply

I checked the App Service and O365 App yesterday and came across these preview settings in the graph api:

snip_20170627084019.png

 

Could it be possible that there is a connection between my probl

...

I have automated user interface testing set up for SharePoint Online.  I want to enable Multi-Factor Authentication and include that as part of my testing.  Does anyone have sample code for receiving the verification code from a test message or Mobile App

...
49 Views
0 Reply

Hi.

I am testing MFA on some admin users. I have given the MFA admins an EMS license so whitelisting of IPs is supported.

So I have whitelisted our office IP, and when my admin goes to https://outlook.office365.com, MFA is not active. Doing so outside the offi

...
4,667 Views
20 Replies

Hi Jesper,

 

Not sure if this is still an issue for you, but we've been able to get this working for our Admins (note that for this to work the admin account needs to be cl

...

I am glad you re-opened this discussion. MS security scores https://securescore.office.com/ recommendation is MFA and we cannot use for admins due to the Powershell issue

...

Found a thread that indicates that it is not possible to administrate EXO with Powershell when admin is MFA enabled: https://techcommunity.microsoft.com/t5/Identity-Authentication/Authenticating-to-O365-using-Powershell-and-MFA/m-p/3954#M14
I am also interested in this response.

Currently Jesper my understanding is that Powershell administration with MFA turned on is not supported. Or at least wasn't supporte...

We have an issue where active directory attributes do not pull through to Yammer when some users launch Yammer the first time. We sync our on premise AD to Azure and have all AD fields populated. When I check in Azure or Admin Portal, the users details ar

...
36 Views
0 Reply

Is there a way to see what resources 'Guest Users' have been given access?

108 Views
2 Replies

I answered my own question. For future reference you can do a Security and Compliance search for ViewableByExternalUsers:true to see what external users have access

...

We enabled self-service password resets, and require users to choose at least 1 but up to  3 choices; mobile #, authentication email, and security questions. Say someone chooses just mobile and sets that up. Now, when they have a change of heart and would

...
92 Views
1 Reply

Hi Joel

 

As an admin,  you define the authentication methods (phone, email security questions etc) that are available to the user when they need to reset their password

 

Ea

...

I'm not sure if this question was ever asked, but can an Office365 user have multiple working app passwords? In other words, does the latest app password that is created for a user override the older ones?

113 Views
3 Replies

Hi Matt,

 

I advise creating an app password per application that you use, to better remove them if you need.

 

Here is the article and now the limit is 40 passwords.

 

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/end-user/multi-factor-authentication-end-user-app-passwords


You can, up to 10 different ones if I remember correctly. And that's one of the reasons you should really avoid using app passwords.

Can we configure an ADFS server for a 3rd party application while an O365-related ADFS already exists?

 

We have 2 ADFS and 2 WAP servers in the setup already which is serving O365 services

 

We need to have 1 more ADFS server only for internal SSO, with 3rd party

...
71 Views
2 Replies

You can have thousands of RPTs (applications) serviced by the same AD FS infrastructure, why do you need to spin up a new farm?

Starting a few days ago, our Office 2013 users started reporting issues opening documents on SP and OneDrive. The version of Office 2013 is Professional Plus 15.0.4420.1017 (so it is not suitable for modern authentication).

A message pops up requesting to

...
194 Views
6 Replies

Hi Bart, were you able to find any resolution to this?  

 

We're experiencing the same issue.  Only impacting Office 2013 instances.  We've updated the clients to the lates

...

Obvious question perhaps since you mention that your Office version is too old for ADAL auth but could it be that modern auth has been switched on for the Office 365 tenant

...

Environment
AD Connect with Single Sign On and Password sync and Hybrid Exchange enabled.

 

I am using one server LAN based running AD Connect. If I move to ADFS, I understand that I will need the following:-
Domain joined server with ADFS services and a SSL

...
208 Views
5 Replies

Hi Chris,

 

Absolutely agree with Vasil, one ADFS server is a recipe for disaster, even though a single ADFS server can handle thousands of logons, I always spec a minimum

...

You can reuse the existing server, that's not a problem. Having a single AD FS server (or WAP one) is a recipe for disaster however, you should have at minimum 2+2 to ens

...
Best Response

I am running into issues with authenticating to O365 on Powershell and in this case my account has been enabled with MFA.
I already installed the preview from https://blogs.technet.microsoft.com/enterprisemobility/2015/10/20/azure-ad-powershell-public-preview-of-support-for-azure-mfa-new-device-management-commands/

...
11.1K Views
17 Replies

Anyone have a clue as to how to use MFA login in an unattended powershell script?

 

I have MFA working fine with powershell interactively - The login and MFA dialogs come u

...

Seems that Exchange Online is MFA enabled now.

Have a look at this article:

"Connect to Exchange Online PowerShell using multi-factor authentication"

https://technet.microsoft.com/en-us/library/mt775114(v=exchg.160).aspx


We've been able to get our Office 365 Admin accounts with MFA enabled working with Powershell for Exchange Online, Skype for Business etc.....with some caveats:

  • This requi
...

The PnP powershell cmdlets can be used with MFA to perform many actions in SPO, see https://github.com/OfficeDev/PnP-PowerShell and use the https://github.com/OfficeDev/PnP-PowerShell/blob/master/Documentation/ConnectSPOnline.md

...

What we ended up doing, was configuring Conditional Access MFA on the O365 Exchange Endpoint to while not at work for our admin group.  This seems to have helped us from

...

Pictures from our badging systems are uploaded to users AD object (thumbnailPhoto). We launched Office 365 by introducing SharePoint Online and OneDrive Business. One of the important feedback from users was missing profile pictures from SPO, ODB, Delve,

...
134 Views
1 Reply

Yes, that's correct. You can upload larger pictures via ExO PowerShell, but that still requires Exchange mailboxes. On the SPO side of things, you can use the tool here: https://github.com/SharePoint/PnP/tree/master/Samples/Core.ProfilePictureUploader

...