Forum Discussion
rey_junior
Aug 20, 2022Copper Contributor
Select a certificate that you want to use for authentication.
While logging into M365 OWA or Teams, it's showing an error - Welcome User
For security reasons, we require additional information to verify your account
Select a certificate that you want...
Kidd_Ip
Aug 21, 2022MVP
Please check:
1. Error applied to ALL users
2. Recreat the user profile (it was proved in some case)
3. Check your ADFS setup if error applied to all users
- rey_juniorAug 22, 2022Copper Contributor1. Error applied to ALL users
random - 1 or 2 users
2. Recreate the user profile (it was proved in some case)
nope
3. Check your ADFS setup if error applied to all users
no access - David CaddickOct 08, 2021Iron ContributorSo this is an area that we reviewed in depth about two years back, so it might have changed, but my understanding is that CA does NOT kick in until Modern Auth has processed the UserID + the CORRECT password. It's something that ideally could/should be changed to have CA check if it's a Domain Joined device in the correct Country/Region before it's allowed to move to the next step?
- BilalelHaddOct 08, 2021Iron ContributorHi Skipster311-1,
The statement is not entirely true. Yes, there should be a form of communication or authentication before a CA policy kicks in. For example, you require a user with a CA policy to use MFA with a session control of 1 day configured. In this example, the user holds his access token for the sign-in for 24 hours and will be prompted after 24 hours to re-authenticate. A Conditional Access policy triggers this.
But when you use the Continous Access Evaluation feature, it can recognize in nearly real-time changes on the client, which re-evaluates the policy. So based on the conditions, the statement of the evaluation differs.
The feature also describes it. A condition is required when trying to access company resources. I hope this helps.