Forum Widgets
Latest Discussions
Azure AD SSPR Password write back issue
Hi all, A company I work for have issues with the reset password function with AD Connect. In the SSPR audit logs in Azure AD, we face on 'Reset password (self-service)' the status reason 'OnPremisesAdminActionRequired', with a follow up event log within the AD connect server: event ID: 33004 with error "hr=80230626, message=The password could not be updated because the management agent credentials were denied access" I face this issue before and this was causing because the AD DS connector account did not have the right permissions. In this case this is not. What I have done so far: - Updated AD Connect from 2.0.89.0 to 2.0.91.0 - enforced TLS 1.2: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement - Checked AD DS connecter account 'MSOL_xxxxxxxx' permissions: https://docs.microsoft.com/en-us/azure/active-directory/authentication/troubleshoot-sspr-writeback#verify-that-azure-ad-connect-has-the-required-permissions - the user do not have the options 'password never expires' or 'user cannot change password' configured - Let AD connect talk to another DC dc02 instead of dc01 - Checked connection to SSPR service from DC's : Test-NetConnection -ComputerName ssprdedicatedsbprodscu.servicebus.windows.net -Port 443 - The action 'Change password (self-service)' are successful (via my account portal) , only action 'Reset password (self-service)' face this issue (via passwordreset.microsoftonline.com) -- both use the same OnPremisesAgent ->> AADConnect Have anyone a idea what else I can try more? Regards, RicardoSolvedvand3rlindenJul 09, 2026Brass Contributor26KViews0likes13CommentsHotmail to Outlook Migration Broke My Account
A year or two ago, I updated my Microsoft account to try and migrate from hotmail.com to @outlook.com. Since then, my Microsoft account is broken. I log in with my @outlook.com email, but account.microsoft.com displays my hotmail.com email everywhere. Mobile apps will not stay logged in properly and kick me out after a day. On my account info page my @outlook.com email isn't even listed and hotmail.com is listed as primary, but only logging in with @outlook works. I'm pretty sure when I originally tried to migrate my account some exception wasn't handled properly part way through the process and my account is in some sort of database limbo. Is there anyone at Microsoft here that can help with this? Also, sorry if this isn't the right place to post this, but a call with Microsoft support pointed me here and there doesn't seem to be a "Microsoft Account Support" hub or space on this platform. If anyone knows of a better location feel free to suggest that as well. Thanks!82Views0likes1CommentLost Backup with Microsoft Authenticator
Hello, I lost the phone where I had set up 2FA using Microsoft Authenticator for this email address. I had previously enabled cloud backup and have now tried to restore it to a new phone by carefully following the correct backup and recovery process. However, some very valuable and critical 2FA accounts are still missing and were not restored.52Views0likes2CommentsLost Backup with Authenticator App
I recently changed phones and followed Microsoft’s documented process for transferring my Authenticator accounts. Before changing devices, I enabled cloud backup and confirmed that authenticator showed a successful backup dated 21 June. I then installed the app on the new phone, selected the recovery option, and signed in using the same Microsoft account. Both phones used the same operating system, and all required cloud settings were enabled. Despite this, only two of my seven accounts were restored on the new phone. The app on my old phone then stopped working. I disabled VPNs, cleared the cache, confirmed a stable internet connection, checked notification permissions, and ensured battery optimisation was not interfering. When none of this worked, I updated the app. After the update, the remaining account data had disappeared, leaving only the same two accounts restored on the new phone. I followed the correct backup and recovery process. The app confirmed that the backup had completed successfully, yet five of seven accounts were not restored. Is there any way to recover an earlier backup or should I assume that the data I need is lost because of this useless app?71Views0likes3CommentsUnable to access Global Admin, username not recognised, need tenant recovery billing active
Unable to access Global Admin account for Microsoft 365 tenant. Username not recognised and I need tenant recovery. Billing is still active. I am the billing owner of a Microsoft 365 Business subscription for yutoriacupuncture.com.au but I have lost access to all Global Admin accounts. The original admin account email is returning “username may be incorrect”. No other admin or business emails are recognised. I have a business email associated with the admin account i can still log into. I recently briefly cancelled and reinstated my domain which may have affected tenant linkage. I also recently joined a university Microsoft 365 organisation which may be affecting sign-in routing? I have tried login.microsoftonline.com, admin.microsoft.com, password resets, and incognito browsers with no success. I have tried contacting support via phone and email but keeps cutting out, saying it can't identity me, or sends me into a loop hole with the support chat bot. I need Microsoft to escalate this to tenant recovery or Data Protection team to restore Global Admin access using billing and domain ownership verification.DeletedJul 02, 2026Not applicable52Views0likes2CommentsDevice Bound Session Credentials Edge
Hi everyone, For a customer i did some research about token protection within M365. I did find a lot information what to configure within M365 to get a multi layer protection (CA, Identity Protection, device compliance, etc). What i didn't found was a solution for token/cookie protection from the browser, until i found this article: https://en.ittrip.xyz/windows/edge/edge-147-device-bound#index_id0 This article states that edge 147 supports Device Bound Session Credentials which makes it much harder to do a off-device replay of a cookie. It also is saying: If you buy rather than build, ask your identity provider or SaaS vendor a direct question: do you have a roadmap for Device Bound Session Credentials or an equivalent browser-session binding model? So my question is: Does M365 (via the browser) supports Device Bound Session Credentials or will it be supported any time soon? Hope you have a nice day! Regards, MJSolvedmarkjanbakkerJul 02, 2026Tin Contributor58Views0likes2CommentsI received 2FA request but I can't identify the source
Since a couple of weeks, I've started received unwanted prompt on my phone to "confirm my identity": asking me to approve (second factor). Obviously, this isn't me and I reject those. At first, I was thinking it was just some phishing/stuffing attack, but I tried to find out how I could see those attempts and it is impossible to see "failed attempt" on the Windows Account web page or on the 2FA application. I have no clue how to investigate this, I would like to confirm what is the "source" of these attempts. Is there any way to have more extensive logs?36Views0likes2CommentsAAD multiple accounts from same realm is not supported by clients.
I've signed out of Excel for iPadOS 2.101.25100311. I've closed (not forced shutdown) and reopened the app. I'm trying to sign in with a different Microsoft account. However, it shows the error: "Another account from your organization is already signed in on this device". How can I completely sign out of that other account? The troubleshooting details are below. Correlation Id: 5520852a-4877-ec4c-97be-f3de2c079058 Timestamp: 2026-06-21T22:49:29.000Z DPTI: FAF41146-8AF4-425C-95EE-1654DD13C47C Message: AAD multiple accounts from same realm is not supported by clients. Tag: 5pzx9SolvedrootsmusicJun 22, 2026Brass Contributor129Views0likes1Commentmail@mydomain is causing a cert mismatch error in all browsers for Outlook.com
Hello, I have created a CNAME for our users in my domain so that they can access webmail. For example, it's called mail.mycustomdomain.com, and it is directed to Outlook.com But when I try to visit mail.mycustomdomain.com, it shows a security warning and recommends going back. I can understand because the SAN name in the certificate presented by Outlook doesn't include my CNAME. Is there anything I can do as a workaround so our users can enter the CNAME without encountering a Certificate Mismatch Error? It is causing repeated calls to the helpdesk, and we would like them to use something simple they can remember. Thanks94Views0likes3CommentsHow should home and small org users address Kali365 Hijacking Microsoft 365 Access Tokens?
How should home and small organization small business users address the recent Federal Bureau of Investigation Public Service Announcement “to warn the public about an emerging Phishing-as-a-Service platform called Kali365, first seen in April 2026” See Alert Number I-052126-PSA 21 May 2026Mark843Jun 15, 2026Copper Contributor1.1KViews0likes1Comment
Tags
- Authentication365 Topics
- office 365222 Topics
- security170 Topics
- Identity77 Topics
- admin70 Topics
- multi-factor authentication69 Topics
- Azure AD54 Topics
- Authenticator app54 Topics
- exchange44 Topics
- microsoft 365 apps40 Topics