Identity & Authentication topics

Broken Account Recovery (discontinued product)

anewham — Mon, 20 Apr 2026 04:18:08 GMT

Hello everyone,

We have the MSFT Office Family plan which has the now discontinued custom domain support that used to be an option as a "Premium" feature. Back in August we upgraded the phone of one of the account members on the family plan and lost connection to their MS Office account with the only device that was accessing to the account (the phone with access was reset as part of the upgrade/trade in process). I have tried the account recovery form and it simply doesn't work. I have tried to explain to MSFT support that the tool is broken but can't get anywhere. For the account in question we have an Outlook email client (with non working password) that has a cache of all of the email until loss of access occurred. So when I do the account recovery form, I have name, DOB, region, past passwords and data for all fields including sent email Id's and send subjects, But every time the MSFT recovery mechanism says "Unfortunately, we have determined that the information provided was not sufficient...". WTF.

Every time I contact MSFT support I get the same answer, an explanation of the point system used to reset the the account. Same steps to recover....based on this, the recovery should work...yet it doesn't. I have tried somewhere 50+ attempts now over the last 9 months. I even have a contact who is VP level at MSFT who sponsored a support ticket internally but that just ended up with the support person sending me a link to the account recovery form and closed the ticket without looking in the details of the ticket.

I can't modify / add a new account as MSFT has as a discontinued product no longer allow members to add/change id's. So I'm locked at the current user set. I have created another email address by saving the cached data to OLM file and importing via the Outlook client but that doesn't restore use of the @mydomain.com for that person. I even retained a lawyer who send a demand to MSFT legal...but the email address didn't go anywhere so at the point of needing to do this on headed paper/send via snail mail.

Does anyone have any idea how to get through to MSFT explain the recovery tool is broken? I assume there are so few accounts using custom domains pin family plans that they simply don't test this recovery path.

At this point without some internal guidance is a) lawyer and force a demand for password reset b) give up, ditch all of the users using the custom domain, configure an alias for all of the accounts and then change my MX record to a company doing email forwarding and then forward to the new/old legacy accounts (i.e. the ones with the mailto:email address removed for privacy reasons).

Authenticator

DadJo — Mon, 13 Apr 2026 14:30:38 GMT

I need your help.

I broke my Iphone and after replacing it I cannot log into my Microsoft admin account since the authentication app is not working.

I am the administrator of my own small business account. I have gone through all the account recovery help but neither the send text to my number or call my number works.

All online support depends on having an the code from the Authenticator app

I am completely lost here ☹

hope someone can help

Dadi Johannesson

Config Question: Microsoft 365, Microsoft Authenticator, Mac Mail Users

SkolBandit — Thu, 02 Apr 2026 15:45:45 GMT

Hello All, We are currently using Microsoft 365 which is "hosted" or "federated" through GoDaddy. I want to pilot Microsoft Authenticator, so that we can have either MFA, SSO, or a combo of both. I'm running into a possible issue when I enable MFA for myself, as an enduser. We run TEAMS, and I only get asked to re-login into Teams to authenticate, which does work. However, if Mac Mail running as a client on the endpoint machine, should I assume that MFA will not work, since it is always communicating to the "hosted/federated" backend? That it never disconnects the connection? If there is something I should do differently with the config, I'd appreciate the guidance here.

SSO from PingOne to Entra app failing; Not matching on sub value and can't find by email

ewhiteside — Tue, 31 Mar 2026 15:11:04 GMT

I am trying to implement SSO from PingOne to my Azure app I have registered in Entra External ID. When I don't have the PingOne account pre-provisioned, the sign-in flow provisions the account but with a bad value for the "Issuer" (the tenant id is incorrectly appended to the end of the issuer URL). This leads to a AADSTS500208 error. If I use Graph API to pre-provision the user with the proper "Issuer" URL, I get a message on the Entra prompt that says "Account Already Exists. Click next to sign in". Clicking Next gives the following error message:
We couldn't find an account with this email address

Login Catch-22: locked out of Work account due to MFA mismatch.

HansFLAVO — Mon, 30 Mar 2026 08:01:03 GMT

"I am the owner of the domain mydomain.be, registered at one.com. I have a Microsoft 365 Business Premium subscription. I am locked out of my work/school tenant admin account (email address removed for privacy reasons) due to an MFA issue — the Microsoft Authenticator is configured but not delivering push notifications, and the TOTP code length does not match what the login screen expects. I cannot access the admin center. I need to recover Global Admin access to my flavo.be tenant so I can manage users and licenses. I can prove domain ownership via DNS if required.

Problem authenticator app

Sgarrupino — Wed, 25 Mar 2026 12:10:37 GMT

Hi, how do I delete an account other than my personal account from the Authenticator app? It was added by mistake and is still there, and there isn't even a "delete account" button on microsoft.com.

Hotmail to Outlook Migration Broke My Account

crackerjam6 — Thu, 19 Mar 2026 17:30:54 GMT

A year or two ago, I updated my Microsoft account to try and migrate from hotmail.com to @outlook.com. Since then, my Microsoft account is broken. I log in with my @outlook.com email, but account.microsoft.com displays my hotmail.com email everywhere. Mobile apps will not stay logged in properly and kick me out after a day. On my account info page my @outlook.com email isn't even listed and hotmail.com is listed as primary, but only logging in with @outlook works.

I'm pretty sure when I originally tried to migrate my account some exception wasn't handled properly part way through the process and my account is in some sort of database limbo. Is there anyone at Microsoft here that can help with this?

Also, sorry if this isn't the right place to post this, but a call with Microsoft support pointed me here and there doesn't seem to be a "Microsoft Account Support" hub or space on this platform. If anyone knows of a better location feel free to suggest that as well.

Thanks!

SMS code is not sent due to blocking

Philipp_Ges — Thu, 12 Mar 2026 09:01:24 GMT

Hi! Sorry, I was using a translator to write this thread.

About two weeks ago, I lost access to my Microsoft account. I haven't forgotten my password, and I haven't logged in from a new device—the system simply decided something was wrong and decided to send me an SMS code to verify my identity.

I currently live in Russia and have a Russian SIM card. My government has blocked receiving SMS codes from foreign companies (WhatsApp, Telegram, Microsoft, etc.). I enter the last four digits of my phone number and click "Send Code," but then it says "This feature is currently unsupported." I've submitted recovery forms numerous times, but the account is very old and some of the information has simply been lost!

I was barely able to contact a live person from Xbox support, and they opened a service request for recovery. The operator handling my issue completely ignores my messages. The only response he gave was that the form I sent him by email couldn't confirm my identity. He didn't even notice that I just needed a security code for the email address I used to REGISTER the account, as I couldn't receive an SMS code due to the political situation in my country.

Today, I contacted a real Microsoft employee again, and he told me to write here because engineers often respond to messages and they can send me the code by email.

Please help me. This account has no material value other than a copy of Minecraft. This account is precious as a memory and something that helped me through an important period in my life.

Thank you for reading this thread.

Can't access Microsoft Authenticator for business accounts

KFBC_Tech — Fri, 27 Feb 2026 19:46:58 GMT

Hello. I am the tech support for a small church, where I am the admin for our MS 365 accounts, which are set up as "business accounts". I have been using Microsoft Authenticator for MFA for years. Recently I switched to a new phone and installed Microsoft Authenticator. All of my personal Authenticator accounts transferred over just fine, but all of the church's business accounts say "Scan the QR Code provided by your organization to finish recovering this account". The thing is, I am the "organization" and I don't know how to generate any QR code to recover the accounts. It was suggested that I could do something about this by logging into my Microsoft 365 administrator account, but when I try to log into my admin account, the only MFA option is "enter the code from Microsoft Authenticator". It's not offering a text or alternate email, only Microsoft Authenticator, which is what I'm locked out of. So I'm stuck in a loop.

I opened a ticket with Microsoft Support nine days ago. I have received one phone call since then. The support person insisted that they needed to talk to the account's "alternate administrator", which I set up as my pastor, who is pretty computer savvy but not a deep IT person. They tried to call him one time, but he was not available to answer right then. There has been no communication since then. I'm hoping someone in this group can help me figure this out.

Microsoft Feedback Portal account is not working

bobbyeagle — Mon, 02 Feb 2026 11:21:22 GMT

I changed my Microsoft password a year ago, and it updated everywhere other than the Feedback Portal. As a result, I get an error when I try to login, or do anything on the page.

Microsoft account support's suggestion was to login to the Feedback Portal which is insane given I'm having issues accessing it.

How can I get this issue resolved? I've got three separate support tickets now and they keep asking me to wait 24 hours to get the issue resolved.

Can someone from the Feedback Portal team please contact me to resolve this?"

This is what Microsoft Support have said:

"understand your frustration, and yes—this is an account‑related issue because the Feedback Portal is still tied to your old alias, which causes login conflicts and forces you out. Your Microsoft account itself signs in correctly, but the Feedback Portal is pulling outdated identity data that you cannot update on your own. Since you cannot access the Portal to submit feedback, directing you back there is not a workable solution. What you need is for Support to escalate this to the internal Identity/Feedback Platform engineering team so they can manually correct the outdated alias mapping on the backend. In this situation, the Feedback Portal and Tech Community teams are the ones who manage and maintain that specific platform. Because the issue appears on the Feedback Portal side—even though your Microsoft account is working normally—only their dedicated team can make the necessary corrections on their end. That’s why we are guiding you to connect with them through the links provided: https://techcommunity.microsoft.com/ or https://feedbackportal.microsoft.com/feedback. They will be able to review the portal‑specific account data and assist you further. I understand why this is frustrating. Since you’re unable to stay signed in to the Feedback Portal, I completely see why posting there isn’t possible for you. However, I do need to be transparent: I’m not able to escalate this issue directly to the Feedback Portal team, as they don’t provide internal escalation channels for us and only accept requests through their own platform.

Excel authentication token reuse for access to Log Analytics

zivrivkis — Fri, 30 Jan 2026 14:05:12 GMT

I have noticed that Excel is not able to reuse the authentication token when accessing Log Analytics workspaces if an expired token was renewed for a single sheet in a workbook.

Scenario:

1 workbook with 1+ worksheets
Each worksheet is a different query to LA (KQL query displayed in Excel for ease and consolidation)
Access to LA is protected by the usual access controls (Conditional Access; Security Reader role + Session control)
After a period of time, session and token expire and require renewal
User receives a prompt stating the token has expired and needs to be renew
User clicks on "Sign-in" and successfully completes the prompts (u/n+pwd+MFA)

Expected result:

The new token will be reused for subsequent connections to LA within the same workbook

Actual result:

User is prompted to re-authenticate for each and every connection in the workbook resulting in as many auth requests as there are connections

Workaround:

After successfully completing the first auth request, close Excel and re-open it and run "Refresh all"
This successfully completes refresh of all data without any additional re-auth requests

Is this behaviour by design or due to a configuration? Is there a way to address this so that the first token is re-used by all other connections without having to close and reopen the workbook?

How Do I Target the Azure VPN Client in a Conditional Access Policy?

cmiarshvac — Mon, 19 Jan 2026 17:12:44 GMT

I am using the Azure VPN Client to connect users to an Azure VPN Gateway using their Entra ID credentials to authenticate. I want to target this application with a CA policy that requires MFA every time it connects. The problem is that I don't see the applications in my Enterprise Apps and all of my searching says that it won't appear because it was "pre-certified" by Microsoft. In the Gateway setup I used the Audience GUID of

c632b3df-fb67-4d84-bdcf-b95ad541b5c8.

And this is working as expected. The only solution that I have found for targeting the Azure VPN Client app is to create a Service Principal using that Audience GUID. This seems like a bit of a hack, so I am posting here to see if there are any other methods that I am missing to target this app when it doesn't appear in my Enterprise Apps list.

Hybrid Identity Admin Questions

StuartK73 — Sun, 18 Jan 2026 23:27:03 GMT

Hi All

I hope you are well.

Anyway, we are migrating our Entra Connect Sync server to it's own dedicated server.

With regards to the Hybrid Identity admin role, do we:

Include MFA on this account
Configure as Eligible or Permanent in PIM

Info appreciated

Stuart

Hacked Live account

Wim Bartels — Wed, 31 Dec 2025 09:50:40 GMT

Hello,

On of our customers accounts was hacked.

This is a Live account linked to his own emailadres (not hotmail) from his Internet Provider.

A few weeks ago someone gained access to this account.

They changed the recovery email address and the phone number.

The customer has a paid Office 36 family account, which is paid for with his MasterCard and he can provide the invoice from the last years..

We tried the account recovery Form multiple times, opened a case with CDOC Case Management.

We simply got the reply that they could not do anything but to suspend the account.

I Think this is crazy, is there no solution to this ?

Thanks,

Android Teams login fails during ADFS federation with SSL error

kek — Fri, 26 Dec 2025 09:12:45 GMT

Hello

Android mobile users cannot sign in to Microsoft Teams

The login fails during the ADFS federation step due to an SSL error

Environment

Android OS versions 10 to 14

Microsoft Teams mobile app

Entra ID federated with on premises ADFS

ADFS service URL is masked

Public certificate issued by Sectigo

Issue description

After entering the account in Teams the sign in process redirects to ADFS

The page does not load correctly and shows infinite loading or a blank screen

The same account works normally on PC browser PC Teams and Outlook Web

The issue occurs only on Android mobile apps that use WebView

Android log summary

OAuth2 WebView client received SSL error

Primary error SSL untrusted

Wildcard certificate for masked domain

Certificate issued by Sectigo Public Server Authentication CA

Troubleshooting performed

Device date and time verified

Teams app cache cleared and app reinstalled

Issue reproduced on multiple Android versions and devices

PC authentication works with the same certificate

Questions

Can Android WebView or Microsoft mobile authentication fail with SSL untrusted when the ADFS server does not provide a complete certificate chain

Is full chain certificate configuration required on ADFS IIS for mobile authentication

Can SSL inspection or proxy interception cause this issue only on Android apps while PC browsers work normally

Are there official Microsoft recommendations for certificate configuration when using ADFS federation with Android mobile apps

Additional information

The same behavior occurs in other Microsoft mobile apps

The suspected causes are incomplete certificate chain or network SSL inspection

Thank you

In "Per-user multifactor authentication" I disabled MFA for one user; All got disabled

ScottoMR — Mon, 22 Dec 2025 16:24:59 GMT

Hi,

I'm the 365 admin for our org. Today I had a user that got a new phone and became stuck in a MS Authenticator app loop. (The app required MFA to login to the app, but they can't login to the app because they aren't logged into the app. This happened once before, and is a ridiculous Kafkaesque situation; but I digress.)

To solve it, I went to disable MFA on their account, allowing them to login to the app. Then MFA could be re-enabled. Problem solved.

And indeed that did work.

However, on the admin side (per the screenshot) I checked off their user account (the user starting with the letter "B") and hit the "Disable MFA" link. A confirmation appeared asking me if I wanted to disable MFA for all selected users. Because I'm the careful sort, I could still see that only that one user was checked off as the popover div didn't cover that much of the screen.

Hence I confirmed that I wanted to disable MFA for the selected users (i.e. that one user).

I then refreshed the page, and all users are now shown as having MFA disabled.

I'm 100% sure only that one user was selected, not everyone in my org. That would've been foolish.

Trying to figure out what's wrong with this portion of the admin site.

Graph http 449 throttled

RazTheOne — Mon, 22 Dec 2025 16:06:47 GMT

We are experiencing a lot of Microsoft Graph trolling errors from some of our applications that are hosted in Azure Web App Services and other third party such as Front App to name one. I am trying to find an approach or strategy to figure out and narrow down what may be causing so many of these events. Whether I can narrow down by application or process, I am not sure yet. We enforce MFA on all our users, but of course, on Azure Enterprise Applications, we don't, which are used extensively in our ecosystem of apps. Any help is much appreciated here.

Case 2512040040001886 - Cannot Access Account

StephenDuPlessis — Fri, 19 Dec 2025 18:49:12 GMT

Since the 4th of December we have been patiently waiting on MS Tech support to assist on resolving our Case with no success endless calls and endless promises with no luck. How do you proceed in using Microsoft for a Business if they don't deliver on the support. My business is taking the brunt of it. I suppose another call holding for hours and another Support person promise a solution. No other methods to log complaints as you cannot log into your Account Portal.

Someone changed my email but i still have access to my account

Juan3 — Thu, 18 Dec 2025 11:30:03 GMT

My microsoft account got hacked but the hacker didn't change my password, now i'm stuck with this weird email account from russia and dont know what to do... I tried the Recovery form but i tried too many times and now doesn't let me try anymore. What can i do? I'm scared for my account

microsoft authenticator

flamadmax77 — Thu, 11 Dec 2025 13:44:09 GMT

hello I would like to ask for help because in the application since I reset the password it no longer lets me log in telling me that my user name and password are incorrect, I no longer know how to access, can someone help me?

Thank you