Authentication
20 Topics

Can't connect via IMAP (basic authentication) to my Office 365 account
Hello, I've been struggling for two days now to enable an IMAP connection with basic authentication for my Office 365 account. I enabled IMAP for the user in the admin console and furthermore, I also created an "AuthenticationPolicy" via the Exchange Online PowerShell.

Set-AuthenticationPolicy -Identity "Allow Basic Auth for some ancient application" -AllowBasicAuthImap:$true

Multifactor Authentication is disabled for the user. What am I missing? How can I narrow down the root cause? Thanks in advance.
6.8K Views, 0 likes, 2 Comments

Document Azure AD Conditional Access Policies with the IdPowerToys App
The first app in a new community project called IdPowerToys helps Azure AD tenants to document conditional access policy settings in PowerPoint. The information used to document the CA policies is extracted (manually or automatically) from Azure AD, analyzed, and output as a PowerPoint presentation. It’s a nice way to see what CA policies exist in a Microsoft 365 tenant and helpful if you want to rationalize the set of policies in use. https://office365itpros.com/2023/03/16/idpowertoys-ca-documentation/
6K Views, 2 likes, 0 Comments

Multi-Factor Authentication
We use Multi-Factor Authentication on all our Office 365 emails. However, we have a Xerox copier/printer that we use to scan-to-email, so it has its own email address. When we enable the Multi-Factor for that email address, the scan-to-email function stops working. Does anyone know a way around using Multi-Factor on a copier/printer? Thank you.
Solved, 5.9K Views, 0 likes, 3 Comments

Restrict 365 to specific device or MAC address
Good afternoon. We have different users in the field that need to access mailboxes and perhaps 365 apps, but they can't use MFA. We're looking into providing them with access to email (right now), but we'd like to limit it to a specific device or MAC address. Is this at all possible?
5.6K Views, 0 likes, 6 Comments

MFA and Security Defaults
Hello All, I am struggling to find a clear answer, so I am hoping you can assist. When Security Default is turned on in 365, does this have any impact on 'Enabling', 'Enforcing' or 'Disabling' MFA for any of the users? I have read that 'Security Defaults' requires users to have MFA: Requiring users to do multi-factor authentication when necessary. But if I change a user to 'Enforced' or even 'Disabled', does this have any impact to the user, or does 'Security Defaults' override these settings?
4.8K Views, 0 likes, 3 Comments

Multifactor page doesn't show users and I can't disable or manage any options. App passwords broken too
We are using Office365 for Business and I enabled MFA for our employees yesterday. It worked fine for the first hour, but after a while some of the MFA pages in my admin panel or the users' accounts stopped working. We can set up 2factor, but we can't create any new 'App passwords'.

https://account.activedirectory.windowsazure.com/AppPasswords.aspx

On this page we get a hard error inside the browser:

Correlation-id: WEU#ea857e13-a859-4935-be0b-4a0c4e5f17a8
Errorcode: 0

When we try to disable MFA, the users aren't listing on the following page:

https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx

The users aren't listing and we can't modify any settings. The problem we are having is that we can't generate App Passwords, which we need for Outlook, and we can't disable MFA because of the users not listing in the admin center where we should be able to change MFA settings per user. Is there something going on with this part of Azure or am I doing something wrong?
Solved, 3.4K Views, 0 likes, 8 Comments

How to connect programmatically via EWS when MFA is Enforced?
Hi: How can we connect to a mailbox programmatically via EWS when MFA is Enforced? We've tried creating an App Password but still get 401 Unauthorized when trying to connect. How does Microsoft provide for this case, i.e. when MFA is required to be Enforced and at the same time we must connect to a mailbox programmatically? I guess I'm missing something in the Tenant configuration. Thank you! Bob H.
Solved, 2.7K Views, 0 likes, 1 Comment

Azure AD Basic for EDU with Enterprise Application (NAC) - Configuration
Hi Team, Our subscription is Azure AD Basic for EDU. Can I configure the Enterprise application like PacketFence with this license? PacketFence supports integrating with the Azure Active Directory for authenticating users on the captive portal, the admin interface, and for 802.1X users using EAP-TTLS PAP. Is it possible to authenticate the users with "Azure AD Basic for EDU" as a source with packetfence? I configured the Azure AD and packetfence as given in the following link. https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_azure_ad_integration But I'm not able to authenticate the users. Any help would be greatly appreciated. Regards, Thirunavukkarasu
1.9K Views, 0 likes, 0 Comments

FIDO2 enabled user receive "Protect your account"
We are having issues in two different scenarios with Azure MFA for users who use FIDO2 exclusively. It seems any settings somehow still require Microsoft Authenticator.

First scenario: Registering FIDO2 after the 14 days grace period

When a user is created in Azure (either directly or on-prem sync, no difference here), the user has a 14 days grace period. During this period, configuring FIDO2 works flawlessly using a Temporary Access Pass (TAP). After the 14 days, the user logs in using the provided TAP to https://aka.ms/mysecurityinfo, starts the "Add sign in method", and follows the steps for the FIDO2 key. Once the key is confirmed and the user is redirected back to mysecurityinfo, Azure prompts for an "Additional information is required" and requires the user to register the Microsoft Authenticator app first. The only logs we see are that the user interrupted the MFA setup. We tried several browsers, normal or incognito mode, different users; nothing prevented this, except for configuring MS Authenticator first, then configuring FIDO2 afterwards. We deleted the MS Authenticator app for these users as it was only a workaround. Now these users seem to face the second scenario below.

Second scenario: FIDO2 sign in prompts for a "Protect your account" - skippable for 14 days

Users are able to sign in using the FIDO2, and immediately after, they are prompted with a "Protect your account" window, which asks them to configure MS Authenticator again. They have the option to skip this for 14 times (not days). If we check the user's sign in logs, it shows Failure for the user satisfying the Conditional Access requiring MFA, which is rather unexpected because the user does in fact manage to sign in using the FIDO2 security key, and is able to access the resources when skipping the "Protect your account" request. We thought it may be App specific, but finally the users face this issue with different apps (Workday, Concur, MS Teams...)

After asking Google, many articles point out this is related to Security Defaults. This is not our case, as we are using https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa?view=o365-worldwide&tabs=condit. The Conditional Access (CA) is enforcing an MFA of a custom Authentication Strength which includes the FIDO2 as one of the accepted options. The per-user MFA settings are configured to be Disabled for the affected users, as it is already enforced by the CA. The only setting that we have not modified yet is the Multifactor authentication registration policy which is set to Enabled - we cannot customise this as we have only P1 license (and we cannot find information if disabling this would later prevent us from enabling it afterwards due to missing license).

As mentioned at the beginning, it seems there is somewhere a setting that expects everybody to use MS Authenticator for MFA regardless of what we configure, except if we disable MFA altogether (not gonna happen). Are there any other settings we should check or review or we can test? Thanks in advance.
1.3K Views, 0 likes, 2 Comments

Stuck on "More Information Required" - Office365
I have an Office365 professional account that I recently purchased with my domain on GoDaddy a couple of days ago. When I log in I get stuck on the "More Information Required" screen without any skip button - occurs on Mac, iPad and iPhone on Safari, Chrome, Authenticator and the Outlook app on Mac and iOS. I've cleared the cache and tried reloading and restarting all my apps - all to no avail.
899 Views, 0 likes, 2 Comments