My hotmail account is blocked by Microsoft
My Hotmail account has been blocked by Microsoft due to “unusual activity,” and I urgently need help. I’ve attempted recovery multiple times, but the phone verification system is not working and all my requests keep getting rejected with the reason "that information I provided was not sufficient enough". I also have an active Microsoft 365 subscription tied to this email, and I can no longer access any of my Office 365 services. This issue needs immediate resolution.Windows Hello for Business 0x80090010 NTE_PERM
Hi all, I'm encountering an issue with Windows Hello for Business on the latest version of Windows (July 2025 update). The setup process fails during initialisation, and no biometric or PIN options are being provisioned for the user. Environment: Windows version: 11 24H2 Enterprise (latest update) Deployment mode: Hybrid Cloud Trust Hybrid joined devices Symptoms: Users are prompted to set up WHfB but the process fails at the last step with error 0x80090010 Users who already have WHfB authentication methods created can successfully login Event ID 311 & 303 in the User Device Registration logs Screenshots: Troubleshooting so far: Unjoined and rejoined to Entra ID Granted modify permissions on folder in which NGC container would be created Rolled back to June 2025 update (this worked) So it seems like this is caused or related to the latest Windows Update, which is rather unfortunate for us as we are just beginning to rollout WHfB for our organisation. I'm posting here to raise awareness of the issue, if there is a more appropriate place to post then please suggest.
Nested App Authentication (NAA) token to protect middle-tier server
I'm working on an outlook addin and want to use the NAA accesstoken to validate the user on an api running on a php webserver. The addin runs as a taskepane (created with yo office) with the app only manifest. I have setup NAA to do Microsoft graph calls on behalf of the user. I have used this guid to setup NAA (copy/past) https://learn.microsoft.com/en-us/office/dev/add-ins/develop/enable-nested-app-authentication-in-your-add-in I have setup a php server (not in Microsoft infrastruktur) for a simple API, that handlers MySQL calls and app only calls to Microsoft graph. The php api authenticate itself with a client secret from the Azure app registration. Both are working as expected. Can i use the accesstoken from the NAA, to authenticate the user on the php server? If it can be done how do I validate the token?Escalation Inquiry: IP Logs Request for MS Account
Hello, I am seeking advice regarding a security issue with my Microsoft account. There were unauthorized login attempts on my account between May 23 and May 25, 2025. I submitted a ticket to Microsoft Privacy / Security Incident Response (SIR) regarding IP activity logs. My ticket was created on August 7, 2025 and escalated to the IP/SIR team on August 11, 2025. Since then, I have sent multiple follow-ups, but no response has been received. I also created a new ticket on September 17, 2025, but only received the automatic acknowledgment; no agent has contacted me. I am concerned because the logs are important for verifying my account security and ensuring no unauthorized access occurred. Could anyone advise typical processing times for IP activity requests or suggest ways to escalate this issue effectively? Thank you in advance for any guidance.
Azure AD Health Failing
I am on the latest version of Azure AD Connect (2.5.79.0)... There are no network/DNS/connectivity issues at our site, it seems to me that Azure AD Health Service is having trouble because the endpoint is experiencing a service issue.. Is anyone else having the same problem with failure alerts/etc? I checked by running "Test-MicrosoftEntraConnectHealthConnectivity -Role SYNC" command, the stack trace throws an undocumented error number and complains of rate limiting issues... smells like the server is being overwhelmed or there are other issues slowing down the endpoint/service with the consequence that connections are piling up causing this error: Connectivity Test Step 1 of 2: Testing dependent service endpoints begins ... AAD CDN connectivity is skipped. Connecting to endpoint https://login.microsoftonline.com Endpoint validation for https://login.microsoftonline.com is Successful. Connecting to endpoint https://s1.adhybridhealth.azure.com/providers/Microsoft.ADHybridHealthService/diagnostics/version Endpoint validation for https://s1.adhybridhealth.azure.com/providers/Microsoft.ADHybridHealthService/diagnostics/version is Successful. Connectivity Test Step 1 of 2 - Testing dependent service endpoints completed successfully. Connectivity Test Step 2 of 2 - EventHub data upload procedure begins ... Tenant Id is successfully collected during agent registration. Server rejected Eventhub data upload, here is the exception: Microsoft.ServiceBus.Messaging.ServerBusyException: The request was terminated because the entity is being throttled. Error code : 50002. Sub error : 101. Please wait 4 seconds and try again. To know more visit https://aka.ms/sbResourceMgrExceptions and https://aka.ms/ServiceBusThrottlingS:N:ADHSPRODWUSEHSYNCIA:EVENTHUB:ADHSPRODWUSEHSYNCIA~22527,CL:30,CC:32,ACC:356250,LUR:WinEnd,LUT:2025-10-08T03:03:12.2035867Z,RC:1 TrackingId:<<< anonymized tracking ID>>> 0, SystemTracker:adhsprodwusehsyncia:eventhub:adhsprodwusehsyncia~22527, Timestamp:2025-10-08T03:03:13 at Microsoft.ServiceBus.Common.ExceptionExtensions.ThrowException(Exception exception) at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result) at Microsoft.ServiceBus.Messaging.EventHubSender.Send(EventData data) at Microsoft.Identity.Health.AgentV1.ConfigurationPowerShell.TestAzureADConnectHealthConnectivity.TestInsightServiceDataUploadProcedure() Azure AD Connect Health agent could not communicate to the Health Service using port 5671. As a result, agent communication will fall back to use port 443, but use of port 5671 is recommended. Please allow outbound communication using port 5671. Tenant Id is successfully collected during agent registration. Server rejected Eventhub data upload, here is the exception: Microsoft.ServiceBus.Messaging.ServerBusyException: The request was terminated because the entity is being throttled. Error code : 50002. Sub error : 101. Please wait 4 seconds and try again. To know more visit https://aka.ms/sbResourceMgrExceptions and https://aka.ms/ServiceBusThrottlingS:N:ADHSPRODWUSEHSYNCIA:EVENTHUB:ADHSPRODWUSEHSYNCIA~22527,CL:30,CC:32,ACC:356837,LUR:IncomingUsage_ADHSPRODWUSEHSYNCIA-5,LUT:2025-10-08T03:03:54.9448143Z,RC:1 TrackingId:<<< anonymized tracking ID>>>, SystemTracker:adhsprodwusehsyncia:eventhub:adhsprodwusehsyncia~22527, Timestamp:2025-10-08T03:04:00 at Microsoft.ServiceBus.Common.ExceptionExtensions.ThrowException(Exception exception) at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result) at Microsoft.ServiceBus.Messaging.EventHubSender.Send(EventData data) at Microsoft.Identity.Health.AgentV1.ConfigurationPowerShell.TestAzureADConnectHealthConnectivity.TestInsightServiceDataUploadProcedure() Azure AD Connect Health agent could not communicate to the Health Service using port 5671. As a result, agent communication will fall back to use port 443, but use of port 5671 is recommended. Please allow outbound communication using port 5671.Entra ID’s Keep Me Signed In Feature – Good or Bad?
The Entra ID Keep Me Signed In (KMSI) feature creates persistent authentication cookies to allow users to avoid sign-ins during browser sessions. Is this a good or bad thing and should Microsoft 365 tenants enable or disable KMSI. I think KMSI is fine in certain conditions and explain my logic in this article. Feel free to disagree! https://office365itpros.com/2025/09/17/kmsi-good-or-bad/Profile photo component adds unwanted overlay
Component https://myaccount.microsoft.com Run command: ms-settings:yourinfo Environment Profile picture uploaded through https://myaccount.microsoft.com Profile picture uploaded through Run command (WIN+R): ms-settings:yourinfo Retrieved via Microsoft Graph SDK / Graph REST API endpoint /v1.0/me/photos/$value Steps to Reproduce Go to https://myaccount.microsoft.com. Upload a new profile picture (no presence, badge, or branding requested). Retrieve the profile picture using Microsoft Graph endpoint: GET https://graph.microsoft.com/v1.0/me/photos/$value Render the image in the client application. Expected Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding. Actual Result The component renders an overlay (e.g., presence badge/ring/branding) on top of the photo, altering the image. Impact Users see altered profile photos, leading to inconsistencies with expectations. Breaks brand/UX design guidelines that rely on unmodified profile images. Severity Medium–High (affects identity consistency across apps using Graph). Notes This happens even though no overlay option was requested in either the upload or retrieval flow. Alternative: Steps to Reproduce and working as expected Run command (WIN+R): ms-settings:yourinfo Upload a new profile picture (no presence, badge, or branding requested). Retrieve the profile picture using Microsoft Graph endpoint: GET https://graph.microsoft.com/v1.0/me/photos/$value Render the image in the client application. Expected Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding. Actual Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding.
My Azure login is stuck at MFA and cannot proceed
In August, I was still able to log in to Azure, and by logging in through GitHub I could bypass 2FA. But now, no matter how I try, logging in via GitHub always requires 2FA. I can’t access my Azure account anymore—nothing works. The system prompts me to use Microsoft Authenticator to confirm a two-digit code in real time. My Microsoft Authenticator on my iPhone is logged into the same Microsoft account, but I’m not receiving any verification requests for Azure login. No matter how much I refresh, nothing shows up. I’ve already updated the Microsoft Authenticator app to the latest version from the App Store. However, my personal Microsoft account works fine and can log in without any issues.
Locked out because of bugged 2FA
Hello, I have one irritating problem. I did a reset of my microsoft authenticator app since it stopped working, i did not save the Authenticators security code, i got 2FA activated on my account. Now i have been trying to log in on my microsoft account for one month without succes. The 3 options i have for 2FA is Code to external my gmail - This works 2 times a day, then locked for 24h Code by text to my cellphone - This does not work when trying to log in, i get the error "Try another verification method, this method does not work at the moment". I know it works, its just in the combination with 2FA it wont work. Microsoft Authenticator - I cannot log into this one since the textmessage does not work on 2FA-login. I have been in a loop for the last month, i cant log into my ordinary e-mail, xbox and so on. Im still logged in on my computer and cellphone at the moment but im afraid it will time out very soon. Microsoft support says that they cannot do anything about it, it is only a server doing all the security. I cant remove 2FA on the account im still logged into, i need 2FA for that. Help!TAP Question
Hi All I hope you are well. Anyway, I'm looking for some clarification over Temporary Access Passes (TAP) as our testing seems to reveal some different results from those listed in the MS documentation. Here's the scenario's. My understanding: Require MFA policy deployed via Conditional Access New user F3 user starts Issue TAP to user where they can then setup MFA themselves via My Security Info etc Testing results: Require MFA policy deployed via Conditional Access New user F3 user starts User can setup MFA themselves via MS Auth app on a mobile device or via My Security Info in a browser MS TAP Info page: "The most common use for a TAP is for a user to register authentication details during the first sign-in or device setup, without the need to complete extra security prompts." Ref: Configure a Temporary Access Pass in Microsoft Entra ID to register passwordless authentication methods - Microsoft Entra ID | Microsoft Learn Have I missed understood something here and if a new user can indeed still setup MFA is there any real need for a TAP for first time user? Info appreciated. SK
