Journey to Passwordless Authentication Might Include Some Bumps
Microsoft recommends passwordless authentication to help secure Microsoft 365 tenants. The latest is synced passkeys, something that apparently leads to “syncability,” whatever that might mean. In any case, after some struggles, I managed to enable synched passkeys for my iPhone and then started to consider how to remediate user accounts that are flagged with a high-risk (compromised) status when they can’t simply update their password. https://office365itpros.com/2025/12/04/passwordless-authentication/
Microsoft authenticator
Good day. I’d like to ask how to solve a problem with Microsoft Authenticator. A Microsoft Authenticator suddenly appeared on my account out of nowhere, and I can’t remove it because I’ve lost access to the account. Logging in with a password doesn’t work, it can’t send an SMS to my phone, and the account is logged out everywhere. As far as I remember, I never set up Microsoft Authenticator.
Locked out because of bugged 2FA
Hello, I have one irritating problem. I did a reset of my microsoft authenticator app since it stopped working, i did not save the Authenticators security code, i got 2FA activated on my account. Now i have been trying to log in on my microsoft account for one month without succes. The 3 options i have for 2FA is Code to external my gmail - This works 2 times a day, then locked for 24h Code by text to my cellphone - This does not work when trying to log in, i get the error "Try another verification method, this method does not work at the moment". I know it works, its just in the combination with 2FA it wont work. Microsoft Authenticator - I cannot log into this one since the textmessage does not work on 2FA-login. I have been in a loop for the last month, i cant log into my ordinary e-mail, xbox and so on. Im still logged in on my computer and cellphone at the moment but im afraid it will time out very soon. Microsoft support says that they cannot do anything about it, it is only a server doing all the security. I cant remove 2FA on the account im still logged into, i need 2FA for that. Help!
Microsoft Authenticator issues
I’m simply locked out of my personal account because I lost access to my 2FA and the recovery form rejects due to active two-step verification. I’ve tried my verifying email and phone number but it rejects is due the active two step verification. I need manual identity verification or an escalation so my 2FA can be reset. Can you point me to the correct support channel for personal account recovery, because the link you sent is not working
My hotmail account is blocked by Microsoft
My Hotmail account has been blocked by Microsoft due to “unusual activity,” and I urgently need help. I’ve attempted recovery multiple times, but the phone verification system is not working and all my requests keep getting rejected with the reason "that information I provided was not sufficient enough". I also have an active Microsoft 365 subscription tied to this email, and I can no longer access any of my Office 365 services. This issue needs immediate resolution.Windows Hello for Business 0x80090010 NTE_PERM
Hi all, I'm encountering an issue with Windows Hello for Business on the latest version of Windows (July 2025 update). The setup process fails during initialisation, and no biometric or PIN options are being provisioned for the user. Environment: Windows version: 11 24H2 Enterprise (latest update) Deployment mode: Hybrid Cloud Trust Hybrid joined devices Symptoms: Users are prompted to set up WHfB but the process fails at the last step with error 0x80090010 Users who already have WHfB authentication methods created can successfully login Event ID 311 & 303 in the User Device Registration logs Screenshots: Troubleshooting so far: Unjoined and rejoined to Entra ID Granted modify permissions on folder in which NGC container would be created Rolled back to June 2025 update (this worked) So it seems like this is caused or related to the latest Windows Update, which is rather unfortunate for us as we are just beginning to rollout WHfB for our organisation. I'm posting here to raise awareness of the issue, if there is a more appropriate place to post then please suggest.
Nested App Authentication (NAA) token to protect middle-tier server
I'm working on an outlook addin and want to use the NAA accesstoken to validate the user on an api running on a php webserver. The addin runs as a taskepane (created with yo office) with the app only manifest. I have setup NAA to do Microsoft graph calls on behalf of the user. I have used this guid to setup NAA (copy/past) https://learn.microsoft.com/en-us/office/dev/add-ins/develop/enable-nested-app-authentication-in-your-add-in I have setup a php server (not in Microsoft infrastruktur) for a simple API, that handlers MySQL calls and app only calls to Microsoft graph. The php api authenticate itself with a client secret from the Azure app registration. Both are working as expected. Can i use the accesstoken from the NAA, to authenticate the user on the php server? If it can be done how do I validate the token?Escalation Inquiry: IP Logs Request for MS Account
Hello, I am seeking advice regarding a security issue with my Microsoft account. There were unauthorized login attempts on my account between May 23 and May 25, 2025. I submitted a ticket to Microsoft Privacy / Security Incident Response (SIR) regarding IP activity logs. My ticket was created on August 7, 2025 and escalated to the IP/SIR team on August 11, 2025. Since then, I have sent multiple follow-ups, but no response has been received. I also created a new ticket on September 17, 2025, but only received the automatic acknowledgment; no agent has contacted me. I am concerned because the logs are important for verifying my account security and ensuring no unauthorized access occurred. Could anyone advise typical processing times for IP activity requests or suggest ways to escalate this issue effectively? Thank you in advance for any guidance.
Azure AD Health Failing
I am on the latest version of Azure AD Connect (2.5.79.0)... There are no network/DNS/connectivity issues at our site, it seems to me that Azure AD Health Service is having trouble because the endpoint is experiencing a service issue.. Is anyone else having the same problem with failure alerts/etc? I checked by running "Test-MicrosoftEntraConnectHealthConnectivity -Role SYNC" command, the stack trace throws an undocumented error number and complains of rate limiting issues... smells like the server is being overwhelmed or there are other issues slowing down the endpoint/service with the consequence that connections are piling up causing this error: Connectivity Test Step 1 of 2: Testing dependent service endpoints begins ... AAD CDN connectivity is skipped. Connecting to endpoint https://login.microsoftonline.com Endpoint validation for https://login.microsoftonline.com is Successful. Connecting to endpoint https://s1.adhybridhealth.azure.com/providers/Microsoft.ADHybridHealthService/diagnostics/version Endpoint validation for https://s1.adhybridhealth.azure.com/providers/Microsoft.ADHybridHealthService/diagnostics/version is Successful. Connectivity Test Step 1 of 2 - Testing dependent service endpoints completed successfully. Connectivity Test Step 2 of 2 - EventHub data upload procedure begins ... Tenant Id is successfully collected during agent registration. Server rejected Eventhub data upload, here is the exception: Microsoft.ServiceBus.Messaging.ServerBusyException: The request was terminated because the entity is being throttled. Error code : 50002. Sub error : 101. Please wait 4 seconds and try again. To know more visit https://aka.ms/sbResourceMgrExceptions and https://aka.ms/ServiceBusThrottlingS:N:ADHSPRODWUSEHSYNCIA:EVENTHUB:ADHSPRODWUSEHSYNCIA~22527,CL:30,CC:32,ACC:356250,LUR:WinEnd,LUT:2025-10-08T03:03:12.2035867Z,RC:1 TrackingId:<<< anonymized tracking ID>>> 0, SystemTracker:adhsprodwusehsyncia:eventhub:adhsprodwusehsyncia~22527, Timestamp:2025-10-08T03:03:13 at Microsoft.ServiceBus.Common.ExceptionExtensions.ThrowException(Exception exception) at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result) at Microsoft.ServiceBus.Messaging.EventHubSender.Send(EventData data) at Microsoft.Identity.Health.AgentV1.ConfigurationPowerShell.TestAzureADConnectHealthConnectivity.TestInsightServiceDataUploadProcedure() Azure AD Connect Health agent could not communicate to the Health Service using port 5671. As a result, agent communication will fall back to use port 443, but use of port 5671 is recommended. Please allow outbound communication using port 5671. Tenant Id is successfully collected during agent registration. Server rejected Eventhub data upload, here is the exception: Microsoft.ServiceBus.Messaging.ServerBusyException: The request was terminated because the entity is being throttled. Error code : 50002. Sub error : 101. Please wait 4 seconds and try again. To know more visit https://aka.ms/sbResourceMgrExceptions and https://aka.ms/ServiceBusThrottlingS:N:ADHSPRODWUSEHSYNCIA:EVENTHUB:ADHSPRODWUSEHSYNCIA~22527,CL:30,CC:32,ACC:356837,LUR:IncomingUsage_ADHSPRODWUSEHSYNCIA-5,LUT:2025-10-08T03:03:54.9448143Z,RC:1 TrackingId:<<< anonymized tracking ID>>>, SystemTracker:adhsprodwusehsyncia:eventhub:adhsprodwusehsyncia~22527, Timestamp:2025-10-08T03:04:00 at Microsoft.ServiceBus.Common.ExceptionExtensions.ThrowException(Exception exception) at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result) at Microsoft.ServiceBus.Messaging.EventHubSender.Send(EventData data) at Microsoft.Identity.Health.AgentV1.ConfigurationPowerShell.TestAzureADConnectHealthConnectivity.TestInsightServiceDataUploadProcedure() Azure AD Connect Health agent could not communicate to the Health Service using port 5671. As a result, agent communication will fall back to use port 443, but use of port 5671 is recommended. Please allow outbound communication using port 5671.Entra ID’s Keep Me Signed In Feature – Good or Bad?
The Entra ID Keep Me Signed In (KMSI) feature creates persistent authentication cookies to allow users to avoid sign-ins during browser sessions. Is this a good or bad thing and should Microsoft 365 tenants enable or disable KMSI. I think KMSI is fine in certain conditions and explain my logic in this article. Feel free to disagree! https://office365itpros.com/2025/09/17/kmsi-good-or-bad/
