SSPR for synced account failed — error: OnPremisesUserNotFound
Hello, I’m encountering the following error for all synchronized accounts when attempting to use Self-Service Password Reset (SSPR): Error: OnPremisesUserNotFound Details: Synchronization Engine returned an error hr=80230405, message: "The operation failed because the object cannot be found." Here are some details about the current setup: The Entra ID Connect agent is running without any errors. The service account used for synchronization has the necessary permissions. Password writeback is enabled. All synchronized accounts have a P1 license. SSPR is enabled for all users. Could you please assist me in resolving this issue? Thank you,Automating Microsoft 365 with PowerShell Second Edition
The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completely revised 350-page book delivers the most comprehensive coverage of how to use Microsoft Graph APIs and the Microsoft Graph PowerShell SDK with Microsoft 365 workloads (Entra ID, Exchange Online, SharePoint Online, Teams, Planner, and more). Existing subscribers can download the second edition now free of charge. https://office365itpros.com/2025/06/30/automating-microsoft-365-with-powershell2/Reporting Authentication Method Usage Data via the Graph
Three new Graph API resources provide easy access to Entra ID authentication method summary usage data. The information is helpful to understand the type of sign-ins that happen, and the authentication methods used by user connections. The article includes a script based on the MFA sign-in summary to highlight non-MFA connections and the apps users connect to. https://office365itpros.com/2025/08/21/authentication-methods-graph/
Microsoft Places Analytics - Missing data
Hi! I'm looking to hear if anyone has succesfully configured Microsoft Places Analytics according to the guidelines here: https://learn.microsoft.com/en-us/microsoft-365/places/places-analytics I've reached out to Microsoft Support several months ago regarding this but the case has not progressed at all unfortunately when it comes to actually reaching a solution. I'm struggling to get enough data to show even though the following is OK: All buildings have analytics enabled The name of the building matches the attribute "Office Location" in Entra ID. A mail-enabled security group is used for assigning permissions to Places Analytics (as-per the requirements). All users of the above group have Teams Premium I'm mostly focusing on the building analytics here since that one is most interesting for us. Example of charts with missing or incomplete data: The above one shows nothing even though it should be fetched from the work location in conjuction with the leader's organisation data. In the above chart it's succesfully mapping the headcount of the number of people that have set their work plan with a chosen building, however it's completely ignoring the "remote" parts. Also ignoring the people that have no work plan set but do have the same Office location as the building name - which it should fetch from according to the "?" button: It's even more clear further down in the same "?": In my case it's ONLY showing the ones with a work plan set and with the actual building in question set. It's the same type of issue for most of the data but I believe that solving it on one end will solve the rest. So I'm really hoping there's someone else out there that has succesfully configured Places Analytics and might shed some light on what my configuration might be missing. Thanks!How Microsoft Graph PowerShell SDK Access Tokens Work
If you use the Microsoft Graph PowerShell SDK, you don’t need to worry about obtaining an access token because SDK cmdlets include automatic token management. Although you don’t need to know the details of the access token used in an SDK session, it’s possible to find and examine its contents, and even use the token with a Graph request. Knowing the details of the access token is something that you’ll probably never need in practice, but good to know none the same. https://office365itpros.com/2025/08/04/access-token-graph-sdk/
Arcihtekt M365 // Ogłoszenie pracy
Kim jesteśmy? Technologia to nasza pasja, ale nie tylko! Wspieramy inicjatywy społeczne, ekologiczne i promujące aktywny styl życia. Jesteśmy laureatem prestiżowych nagród posiadamy certyfikat Great Place to Work, a na co dzień współpracujemy z globalnymi liderami IT - VMware, Fortinet, IBM, HPE, Dell, Hitachi, Microsoft, AWS. Nasz zespół tworzą utalentowani inżynierowie i doświadczeni architekci IT. Dołącz do nas i zostań częścią #ITSFteam! Kogo szukamy? Arhitekta M365, który dołączy do naszego zespołu i będzie odpowiedzialny za projektowanie, wdrażanie oraz zarządzanie rozwiązaniami opartymi na Microsoft 365. Idealny kandydat to osoba z doświadczeniem w architekturze chmurowych rozwiązań Microsoft, posiadająca umiejętność kompleksowego projektowania i optymalizacji procesów w obrębie aplikacji i usług M365, takich jak Teams, Sharepoint, Exchange Online, OneDrive, Power Platform czy Microsoft 365 Copilot. Warto od razu zaznaczyć, będzie to praca w modelu hybrydowym 4/1 w Warszawie. Co oferujemy? Współpaca bezpośrednio z nami na okres długofalowy (5+ lat); Możliwość rozwoju przy pracach dla największych klientów Enterprise w całym kraju; Pakiet medyczny Medicover; Karta Multisport; Program PPK; Lekcje angielskiego; Dodatkowy dzień urlopu z okazji urodzin; Około 8 integracji frmowych w roku :) Jeśli propozycja brzmi interesująco i chciałbyś poznać więcej szczegółów na temat wymagań, bądź zakresu obowiązków — to śmiało aplikuj przez link niżej: https://itsf.traffit.com/public/an/0ed08bcedcd522af2936290b48d33a9e48697565How to Block OWA and Use the New Outlook Using a CA Policy
New guidance from Microsoft suggests that tenants wanting to block access to OWA while allowing people to use the new Outlook should deploy a conditional access policy. That’s good advice if a tenant has the necessary Entra P1 licenses and is willing to accept the loss of browser access to Teams. Microsoft 365 is a complicated interconnected place, and blocking one app can have consequences for another… https://office365itpros.com/2025/07/30/block-access-to-owa-new-outlook/Entra ID Governance Levies Charges for Guest Accounts
A banner posted in the Entra admin center informs administrators that Entra ID governance features used by guest accounts incur charges from June 2025. This only affects Microsoft 365 tenants that use ID governance for features like inactive guest access reviews, but unexpected charges might come as a surprise. This article explains a PowerShell script to find chargeable events in audit logs and how to calculate likely charges. https://office365itpros.com/2025/07/29/entra-id-governance-levies-charges/Entra ID Introduces Linkable Token Identifiers for Audit Events
Linkable token identifiers is a new Entra ID feature that adds a GUID to all the audit events for a session. The new identifiers make it easier to track all user actions taken during a session, and should be of great advantage to security investigators who need to know if an account is performing suspicious actions, possibly due to an attacker compromise. https://office365itpros.com/2025/07/24/linkable-token-identifier/Changes Coming to Smoothen Edges in Microsoft Authenticator App
The Microsoft Authenticator app gets two important changes in September 2025 to make the app easier to use for average users. The current number matching mechanism is modified to make it less likely that notifications will fail to be seen and the first run experience is changing to give priority to Entra ID accounts. . Hopefully, the changes will encourage adoption of MFA in Microsoft 365 tenants. https://office365itpros.com/2025/07/21/microsoft-authenticator-updates/
