Hacked Live account
Hello, On of our customers accounts was hacked. This is a Live account linked to his own emailadres (not hotmail) from his Internet Provider. A few weeks ago someone gained access to this account. They changed the recovery email address and the phone number. The customer has a paid Office 36 family account, which is paid for with his MasterCard and he can provide the invoice from the last years.. We tried the account recovery Form multiple times, opened a case with CDOC Case Management. We simply got the reply that they could not do anything but to suspend the account. I Think this is crazy, is there no solution to this ? Thanks,
Case 2512040040001886 - Cannot Access Account
Since the 4th of December we have been patiently waiting on MS Tech support to assist on resolving our Case with no success endless calls and endless promises with no luck. How do you proceed in using Microsoft for a Business if they don't deliver on the support. My business is taking the brunt of it. I suppose another call holding for hours and another Support person promise a solution. No other methods to log complaints as you cannot log into your Account Portal.
Android Teams login fails during ADFS federation with SSL error
Hello Android mobile users cannot sign in to Microsoft Teams The login fails during the ADFS federation step due to an SSL error Environment Android OS versions 10 to 14 Microsoft Teams mobile app Entra ID federated with on premises ADFS ADFS service URL is masked Public certificate issued by Sectigo Issue description After entering the account in Teams the sign in process redirects to ADFS The page does not load correctly and shows infinite loading or a blank screen The same account works normally on PC browser PC Teams and Outlook Web The issue occurs only on Android mobile apps that use WebView Android log summary OAuth2 WebView client received SSL error Primary error SSL untrusted Wildcard certificate for masked domain Certificate issued by Sectigo Public Server Authentication CA Troubleshooting performed Device date and time verified Teams app cache cleared and app reinstalled Issue reproduced on multiple Android versions and devices PC authentication works with the same certificate Questions Can Android WebView or Microsoft mobile authentication fail with SSL untrusted when the ADFS server does not provide a complete certificate chain Is full chain certificate configuration required on ADFS IIS for mobile authentication Can SSL inspection or proxy interception cause this issue only on Android apps while PC browsers work normally Are there official Microsoft recommendations for certificate configuration when using ADFS federation with Android mobile apps Additional information The same behavior occurs in other Microsoft mobile apps The suspected causes are incomplete certificate chain or network SSL inspection Thank you
Graph http 449 throttled
We are experiencing a lot of Microsoft Graph trolling errors from some of our applications that are hosted in Azure Web App Services and other third party such as Front App to name one. I am trying to find an approach or strategy to figure out and narrow down what may be causing so many of these events. Whether I can narrow down by application or process, I am not sure yet. We enforce MFA on all our users, but of course, on Azure Enterprise Applications, we don't, which are used extensively in our ecosystem of apps. Any help is much appreciated here.
In "Per-user multifactor authentication" I disabled MFA for one user; All got disabled
Hi, I'm the 365 admin for our org. Today I had a user that got a new phone and became stuck in a MS Authenticator app loop. (The app required MFA to login to the app, but they can't login to the app because they aren't logged into the app. This happened once before, and is a ridiculous Kafkaesque situation; but I digress.) To solve it, I went to disable MFA on their account, allowing them to login to the app. Then MFA could be re-enabled. Problem solved. And indeed that did work. However, on the admin side (per the screenshot) I checked off their user account (the user starting with the letter "B") and hit the "Disable MFA" link. A confirmation appeared asking me if I wanted to disable MFA for all selected users. Because I'm the careful sort, I could still see that only that one user was checked off as the popover div didn't cover that much of the screen. Hence I confirmed that I wanted to disable MFA for the selected users (i.e. that one user). I then refreshed the page, and all users are now shown as having MFA disabled. I'm 100% sure only that one user was selected, not everyone in my org. That would've been foolish. Trying to figure out what's wrong with this portion of the admin site.
Someone changed my email but i still have access to my account
My microsoft account got hacked but the hacker didn't change my password, now i'm stuck with this weird email account from russia and dont know what to do... I tried the Recovery form but i tried too many times and now doesn't let me try anymore. What can i do? I'm scared for my accountMicrosoft Authenticator Passkeys for Entra ID on unmanaged devices
Hello, has anyone successfully registered passkeys on an unmanaged phone in an organisation with device compliance policies? Use case is to provide a phishing-resistant MFA option via Authenticator app for logging into apps on their desktop. Users already have authenticator app on their phone and do number matching MFA. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-authenticator?tabs=iOS When I select "Create a passkey" - I need to log into my account. However I'm blocked from successful authentication because I have conditional access policies to require compliant devices. As my mobile phone is not enrolled into Intune, I never get to the step where the passkey is created and registered. Based on the constraints - it seems like passkeys cannot be used for unmanaged/BYOD devices for organisations that have device compliance policies. It can only be used for users who have enrolled their mobile phone. Looking to see if anyone has tips or different experience using passkeys on unmanaged mobile phones to log into Entra?Journey to Passwordless Authentication Might Include Some Bumps
Microsoft recommends passwordless authentication to help secure Microsoft 365 tenants. The latest is synced passkeys, something that apparently leads to “syncability,” whatever that might mean. In any case, after some struggles, I managed to enable synched passkeys for my iPhone and then started to consider how to remediate user accounts that are flagged with a high-risk (compromised) status when they can’t simply update their password. https://office365itpros.com/2025/12/04/passwordless-authentication/Microsoft authenticator
Good day. I’d like to ask how to solve a problem with Microsoft Authenticator. A Microsoft Authenticator suddenly appeared on my account out of nowhere, and I can’t remove it because I’ve lost access to the account. Logging in with a password doesn’t work, it can’t send an SMS to my phone, and the account is logged out everywhere. As far as I remember, I never set up Microsoft Authenticator.
