Azure AD
217 Topics

Why Are Per-User MFA Settings Available in the Entra Admin Center?
A reader asked why the Entra admin center includes an option to manage per-user MFA settings for accounts. I don’t know why Microsoft added this option, but it doesn’t take away from the strategy to enforce and manage multifactor authentication through conditional access policies. Microsoft has been very focused on CA policies for the last few years and per-user MFA will eventually be subsumed into the CA strategy.
https://office365itpros.com/2024/10/30/per-user-mfa-entra-admin/
56 Views, 0 likes, 0 Comments

How to Force Users to Sign in Weekly
A recent question asked how to force users to reauthenticate at 7 AM every Monday. The solution seems to be to revoke access for user accounts. This article describes how to create an Azure automation runbook (PowerShell script) to find target accounts and revoke their access. By linking the runbook to an automation schedule, we can make sure that revocation happens at the desired time.
https://office365itpros.com/2024/10/23/revoke-access-for-user-accounts/
229 Views, 0 likes, 4 Comments

How to Set Directory Synchronization Features with the Graph
Directory synchronization features control how the Entra Connect tool works when synchronizing accounts from Active Directory to Entra ID. The current advice is to use a cmdlet from the deprecated MSOL module to update settings. This article explains how to do the job with the Graph APIs, including cmdlets from the Entra PowerShell module.
https://office365itpros.com/2024/10/24/directory-synchronization-features/
80 Views, 0 likes, 0 Comments

Per-User MFA State Added to Tenant Passwords and MFA Report
A Microsoft Graph update makes per-user MFA state available for user accounts. Being able to access the data means that we can include it in the User Passwords and Authentication report. You can now see if accounts are disabled, enabled, or enforced for per-user MFA along with all the other information captured about password changes, MFA authentication methods, and so on.
https://office365itpros.com/2024/06/14/per-user-mfa-state/
837 Views, 0 likes, 6 Comments

Unable to authenticate in Copilot Studio despite configuring in azure AD & Copilot security settings
Hello guys, I intend to set up Copilot Studio to give answers from the connected SharePoint site using Generative AI. I followed the steps detailed in these two links for setting up manual authentication:
https://learn.microsoft.com/en-us/microsoft-copilot-studio/configuration-end-user-authentication#authenticate-manually
https://learn.microsoft.com/en-us/microsoft-copilot-studio/configuration-authentication-azure-ad
So as per the recommendations, I have done the following:
- Set up app registration
- Granted admin consent to the app
- Copied the client ID and secret (to paste into the chatbot configuration)
- Published the chatbot after setting "manual authentication" (Requires sign in)
Now when I try to interact with the chatbot (in the chat window), it asks me to sign in. When I click "sign in", it asks me to copy a code. When I do that, it keeps showing the "please sign in" prompt over and over again, instead of letting me in.
1. I am already signed in to Copilot Studio using the intended user account.
2. Here are the settings in the "Security" section in Copilot Studio.
3. Here are the settings in AAD.
4. However, when I publish the bot and try to interact with it, it keeps prompting me with the below screen (to enter an access code to sign in). If I click "login" below, it asks me to copy a code. Then if I copy and put the code into the chat, it comes back to the below screen and keeps prompting me the same as below.
5. Also in Azure, I have ensured admin has consented to the following. Here is the scope.
Can you please advise what it is that I am missing?
267 Views, 0 likes, 0 Comments

The New Entra ID Photo Update Settings Policy for User Profile Photos
A new Entra ID photo update settings policy aims to cure the mish-mash of existing settings controlling how user profile photos are updated in Microsoft 365. The new policy is based on a Microsoft Graph resource. Work is needed to update clients to respect the policy settings and take over from current controls, like the OWA mailbox policy.
https://office365itpros.com/2024/09/16/photo-update-settings-policy/
397 Views, 0 likes, 0 Comments

Issue with User Account Deletion - Emails Still Being Sent to Deleted Accounts
We recently permanently deleted several user accounts from our tenant. However, we have noticed that these former users continue to receive emails from Microsoft, such as notifications about updates to the terms of service. This suggests that the accounts may not be fully deleted on your end, or there may be a synchronization issue between our actions and your databases. We would like to understand why these emails are still being sent to accounts that we have already removed. Could you please:
- Confirm whether the accounts in question are still present in your systems.
- Provide us with details on the account deletion process and any additional steps we may need to take to ensure complete removal.
- Assist us in resolving this issue to prevent any future emails from being sent to deleted users.
320 Views, 0 likes, 1 Comment

Why Entra ID can Restore Some Types of Deleted Groups and Not Others
The ability to restore deleted groups only covers Microsoft 365 groups. That’s an odd situation to be in given the different types of groups in Microsoft 365, and the reasons why things work (or don’t) the way they do is down to history and different teams within Microsoft. It’s logical that customers assume they can restore any type of deleted group. Microsoft needs to do some magic to make that assumption real.
https://office365itpros.com/2024/08/28/restore-deleted-groups-issues/
231 Views, 0 likes, 0 Comments

2 Separate Tenants, Teams, Meetings, Office 365.
Hey Team, Hoping you can assist here. I have a strange situation that I am trying to figure out. I am trying to keep this short but also have it make sense. We have the following:
1) Tenant A - 1000 users, licensed with E1, Teams is NOT rolled out.
2) Tenant B - 2000 users, licensed with E3, Teams IS rolled out.
Scenario: Tenant B users send Tenant A users an invite for a meeting. Tenant A users CAN join the meeting, but in order to do so, they must manually type in their name and then click Join. We cannot take attendance that way as the user could type in mickey mouse. What we would like to do is to have those same Tenant A users log in using their regular username and password as normal, but remember they do not have a Teams license. I have tried adding the external domain in Teams, adding guest users, etc., but I am not able to get them to log in to the Tenant B meeting using their own (Tenant A) logged-in account. Here is another person with the exact same issue, but the solution suggested there does not work.
https://answers.microsoft.com/en-us/msteams/forum/all/unlicensed-users-joining-external-teams-meetings/344a9a50-b1f8-4a2b-b2b3-f9da0fa69ce1
Any ideas? Thanks, Robert
312 Views, 0 likes, 2 Comments

Need Information on Rate Limits and Data Retention for Microsoft O365 Message Trace
The REST API I am currently using for O365 Message Trace for my integration is:
https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace[?ODATAoptions]
Can someone help me in knowing the rate limit of this API? Is the rate limit different for account level and user level? Please let me know those limits if anyone is aware of them. While exploring the API, I found that the API is returning data from the past 10 days at most. Exceeding this, it gives me a server error with a 500 response code. Is there any possible way to obtain data beyond this range, as the data retention is stated to be 30 days according to:
https://learn.microsoft.com/en-us/previous-versions/office/developer/o365-enterprise-developers/jj984335(v=office.15)#data-granularity-persistence-and-availability
340 Views, 0 likes, 1 Comment