Migrate from Federated to Password Hash for Office Pro Plus
I am in the process of changing our authentication method from ADFS to Password Hash Sync. This change obviously affects logins to Office 365 on the web. How does it affect Office 365 ProPlus clients who have already logged in and got licensed? We use Outlook and OneNote Class Notebook heavily and need to know if our student's notebooks will continue syncing, or will they have to enter their credentials again for licensing and permissions to the notebooks.
Users registering in AD with company account
Hi, I'm new to the AD world, I'll explain the problem we are facing at work rn and I hope someone could give us some kind of info about this. We have some users that adds their personal pc to our AD with this window (SSO) in teams we ask our users to click on "no, sign in to this app only", but some go all the way to download authenticator and registering their device to AD, and the list expand day by day (we got more then 6k users). Is there any way to block this page or disable this function only for a group of users via a script or an option in device settings? They are educational accounts, not work accounts they don't need to enter our network, they just have to get the licenses, and in AD they're are seen as "registered" devices not "joined" if this helps. Thanks to whoever can give us some information about this issue
Office 365 Desktop App and MFA enabled users authentication
Hi, We're finishing with adding MFA to all our users, which is great. However, we are encountering an issue on systems with temporary sessions, like classroom labs and remote desktop server where sessions are cleaned regularly. When a user opens any Office app (We've been testing Word and Excel the most), the auto-login kicks off, as we see the name of the user appear in the top-right corner, but a "!" warnign sign appears next to it, because MFA was not completed. Now, this is kind of expected, because no MFA was completed, but it's also where the problems at its core resides: Why is there no MFA prompt to complete authentication? Right now, users need to click on their name, click on Connect next to the warning message and then they get the MFA prompt and the login completes. However, even when that's done, if they go to open/save documents, OneDrive/Sharepoint do not quickly appear in open/save menus, it takes a few moments (Sometimes takes a few minutes). They can go around taht by Adding a new location and selecting OneDrive Enterprise, but they need enter their account and MFA again to connect. If there wasn't any delay, it might still not be too bad, but a few minutes is way too long. We've been experimenting with having a process start at login to complete MFA right away so it's already completed when Word starts, but we're not managing to get any concrete result. Sometimes it works, sometimes it doesn't, like if sometimes only the app is authenticated and sometimes to autnehticated is passed to the entire session, but no way to have a constant result. The first test was to launch Edge with a homepage that requires MFA. Our second test was to install OneDrive (per-machine edition, as the per-user edition takes a bit of time to add itself to the user's profile) and have it launch at login (with a odopen:// url to have username prefilled) and only have a few clicks to complete MFA and be logged on. We also ran tests with the EnableADAL=1 key for the OneDrive app. Most tests were done on a VM (Where the test account has never connected, so no traces of the profile), did configs, took a cold snapshot, tested, reveted to snapshot to try other settings. In some cases, we did settings, and tried it and had a positive result. Then we revert back to the snapshot with the same exact settings and tried again, the app MFA login wasn't passed to Word. Both test from the same snapshot, same timeframe (time to login, authenticate in the app then launch Word to test). We've also tested different cases of delays between each steps to see if we needed to let some infos sync somewhere but it was available. Nothing concluant. In case some revert back to snapshots caused sync issues with AzureAD in some way, we ran some of those tests on physical computers and it also failed. Especially in the case of the remote desktop server, the usual case use is to connect and acces docuements through Word/Excel, which is harder to do, especially for people that are not used to using technology like these. We are running out of ideas on how to provide a better login/MFA experience. Any sure way to complete MFA, at login or simply when launching any Office app would be welcome! Any savior around here?
Office365 login with ADFS and public Email addresses
Hi, We have a scenario where a client wants to use private email addresses for login-credentials in Office 365. We believe that we need to use ADFS for authentication, but not sure where to start to implement this for emailaddresses that might be john.doe@hotmail.com The users only need to access sharepoint, prefarably via groups, and not using microsoft accounts. Anyone have any thoughts? Thanks in advance Daniel WahlgrenSelf-service MFA changes not possible for users
Spent a fairly long time investigating this ourselves and with MS support regarding what is clearly a bug regarding MFA, however fobbed off yesterday with a "By Design" response! In a nutshell - tenancy has MFA enforced for all users when off-site via conditional access. Works very well indeed UNTIL a user has a problem such as losing or damaging their MFA device. This shouldn't really matter as in the eyes of any layman, once on site they should be able to log on and change their MFA details as they can log on otherwise without issue. However, clicking through to their security info to do this forces them to authenticate, even on site. The only possible way for them to have their details changed is to ask an admin to reset it for them. It's 2021, we live in a self-service world yet this is deemed "by design". I can't be alone surely?Now available for Exchange, SharePoint and Teams - advanced deployment guides
The FastTrack team recently announced the availability of advanced deployment guides for Exchange, SharePoint and Microsoft Teams in the Microsoft 365 admin center. To learn more about deploying Microsoft 365 services in your organization and how to find these helpful guides, check out the team's latest blog post below: New Year, new Microsoft 365 Core advanced deployment guides for Exchange, SharePoint, and Teams!Which account should I login with for docs and techcommunity, Personal vs Work Accounts over time?
I am trying to determine which MS account to use when logging in to certain MS sites/sub-domains. I understand when to use my work account for certain MS/Azure services and when to use my personal account for others. Specifically, what account type (personal or work) does MS recommend that I use when logging into the support sites, primarily techcommunity.microsoft.com + docs.microsoft.com as well asl, answers.microsoft.com and support.microsoft.com ? For developers/IT, when should we use a work login which may be transient vs a personal account for the aforementioned support sites, taking into account that we would like our badges, comment history, subscriptions and certifications to be preserved and cross-referenced into the future? Below is a list of frequently used MS Sites grouped by the MS account type that I most commonly use to login with; Is this correct? If there a reference which outlines the implications of using work vs personal accounts when logging in to Microsoft sub domains, azure services, shared office services and MS support/community sites? Is docs.microsoft.com the only subdomain that simulates the merging of the work and personal account? (See Figure 1 below) **Personal Account (is it linked to my Work Account?): (See Figure 1 below)** https://docs.microsoft.com/ **Personal or Work Account:** https://answers.microsoft.com/ https://techcommunity.microsoft.com/ https://feedbackportal.microsoft.com/feedback https://support.microsoft.com/en-us https://trainingsupport.microsoft.com/ https://visualstudio.com/ **Work Account Only** https://protection.office.com/ https://portal.azure.com/ https://compliance.microsoft.com/ https://security.microsoft.com/ https://devicemanagement.microsoft.com/ https://portal.cloudappsecurity.com/ https://admin.teams.microsoft.com/ https://admin.microsoft.com/#/catalog https://outlook.office.com/mail/ https://myanalytics.microsoft.com/ https://servicetrust.microsoft.com/ https://developer.microsoft.com/ Personal Account Only *live.com https://outlook.live.com/ https://onedrive.live.com/ Figure 1: My work and personal account can both be used to login to docs.ms.com? Thank YouTraining: Office 365 Identity Management on MVA
If you want to learn user identity management, be sure to check out this course on Microsoft Virtual Academy (MVA)! The Office 365 identity management model is flexible – with a variety of implementation methods based on organization size, user experience, and security requirements. In this course, you'll learn about user and identity management models and concepts, examine the available options, and explore how to configure and manage user identities.
