Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Failed log on (Failure message: Session information is not sufficient for single-sign-on.)

Copper Contributor

Hey All,

 

I've recently a few impossible travel alerts in which the anomalous logins had the description "Failed log on (Failure message: Session information is not sufficient for single-sign-on.)". Three of these failed login events where seen but none were from IPs with bad reputation. The error code is 50058 for Office 365 SharePoint Online. 

 

Reading the description from https://login.microsoftonline.com/error for the error code, I'm not understanding how this activity would be triggered from an anomolous country without session information being stolen. Could anyone shed any light on this?

 

Thankyou

2 Replies

@jdiamondI had the same error in my custom Web Application, and when I researched deeper in my code when I access one page using the TempData object for my MVC Controller, the system stop to work.

To solve that issue it´s only to change the TempData object for another option to store temporary data in your application and the system goes back to run properly.

 

I hope I helped,

 

Best Regards,

@jdiamond The failed SSO logins with 50058 errors show authentication is not succeeding. Attackers likely guessing passwords rather than having valid session data for those accounts. Anomalous locations indicate irregular access patterns - external attackers trying their luck. Not likely real session compromises.

 

Enable MFA and passwordless logins across organization to mitigate credential brute forcing risks going forward. Plus daily admin password changes. The goal is requiring more than reused passwords alone to get access. This will harden environment against these kinds of guessing attempts even if odd locations appear concerning initially. Additionally, this is an important reminder to ensure robust backups are in place for your cloud data. Even with hardening measures, data breaches can still occur. Backups provide last line protection if threats bypass other defenses through undiscovered means. Be sure to evaluate backup needs for your unique SaaS applications.