Hacked Live account
Hello, On of our customers accounts was hacked. This is a Live account linked to his own emailadres (not hotmail) from his Internet Provider. A few weeks ago someone gained access to this account. They changed the recovery email address and the phone number. The customer has a paid Office 36 family account, which is paid for with his MasterCard and he can provide the invoice from the last years.. We tried the account recovery Form multiple times, opened a case with CDOC Case Management. We simply got the reply that they could not do anything but to suspend the account. I Think this is crazy, is there no solution to this ? Thanks,Microsoft Authenticator Passkeys for Entra ID on unmanaged devices
Hello, has anyone successfully registered passkeys on an unmanaged phone in an organisation with device compliance policies? Use case is to provide a phishing-resistant MFA option via Authenticator app for logging into apps on their desktop. Users already have authenticator app on their phone and do number matching MFA. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-authenticator?tabs=iOS When I select "Create a passkey" - I need to log into my account. However I'm blocked from successful authentication because I have conditional access policies to require compliant devices. As my mobile phone is not enrolled into Intune, I never get to the step where the passkey is created and registered. Based on the constraints - it seems like passkeys cannot be used for unmanaged/BYOD devices for organisations that have device compliance policies. It can only be used for users who have enrolled their mobile phone. Looking to see if anyone has tips or different experience using passkeys on unmanaged mobile phones to log into Entra?
Microsoft Authenticator issues
I’m simply locked out of my personal account because I lost access to my 2FA and the recovery form rejects due to active two-step verification. I’ve tried my verifying email and phone number but it rejects is due the active two step verification. I need manual identity verification or an escalation so my 2FA can be reset. Can you point me to the correct support channel for personal account recovery, because the link you sent is not workingWindows Hello for Business 0x80090010 NTE_PERM
Hi all, I'm encountering an issue with Windows Hello for Business on the latest version of Windows (July 2025 update). The setup process fails during initialisation, and no biometric or PIN options are being provisioned for the user. Environment: Windows version: 11 24H2 Enterprise (latest update) Deployment mode: Hybrid Cloud Trust Hybrid joined devices Symptoms: Users are prompted to set up WHfB but the process fails at the last step with error 0x80090010 Users who already have WHfB authentication methods created can successfully login Event ID 311 & 303 in the User Device Registration logs Screenshots: Troubleshooting so far: Unjoined and rejoined to Entra ID Granted modify permissions on folder in which NGC container would be created Rolled back to June 2025 update (this worked) So it seems like this is caused or related to the latest Windows Update, which is rather unfortunate for us as we are just beginning to rollout WHfB for our organisation. I'm posting here to raise awareness of the issue, if there is a more appropriate place to post then please suggest.
Escalation Inquiry: IP Logs Request for MS Account
Hello, I am seeking advice regarding a security issue with my Microsoft account. There were unauthorized login attempts on my account between May 23 and May 25, 2025. I submitted a ticket to Microsoft Privacy / Security Incident Response (SIR) regarding IP activity logs. My ticket was created on August 7, 2025 and escalated to the IP/SIR team on August 11, 2025. Since then, I have sent multiple follow-ups, but no response has been received. I also created a new ticket on September 17, 2025, but only received the automatic acknowledgment; no agent has contacted me. I am concerned because the logs are important for verifying my account security and ensuring no unauthorized access occurred. Could anyone advise typical processing times for IP activity requests or suggest ways to escalate this issue effectively? Thank you in advance for any guidance.
Conditional Access enforces MFA but Service Account still ask to secure account
Hi, I've setup Conditional Access policies to enforce MFA. But it excludes a group for service accounts. Whenever we login to a Service Account, they all ask to secure your account. Hit next > It says no MFA options are available > Skip. Both our own MFA conditional access policy and MS per-user conditional access policy excludes this group. The Legacy per-user authentication policy has all accounts disabled there in favour of the conditional access policy. We must be missing something here. Some of these are shared inboxes, others regular user accounts. Many of these services requires login through the typical Microsoft sign in screen to authorize access. Some does not support OpenID. So how do I 100% exclude service accounts from MFA? And how do I get rid of this popup to secure these accounts when it says no MFA options are available? TIAMicrosoft’s Effort to Develop a Broad People Platform
Microsoft 365 users see the profile card and might wonder where the information displayed on the card comes from. Entra ID is the obvious source, but the people platform that Microsoft is developing is another and could include information imported through a Copilot connector to build out a complete picture of users and contacts within a Microsoft 365 tenant. It’s early days yet, but beta code is available. https://office365itpros.com/2025/09/10/people-platform/Profile photo component adds unwanted overlay
Component https://myaccount.microsoft.com Run command: ms-settings:yourinfo Environment Profile picture uploaded through https://myaccount.microsoft.com Profile picture uploaded through Run command (WIN+R): ms-settings:yourinfo Retrieved via Microsoft Graph SDK / Graph REST API endpoint /v1.0/me/photos/$value Steps to Reproduce Go to https://myaccount.microsoft.com. Upload a new profile picture (no presence, badge, or branding requested). Retrieve the profile picture using Microsoft Graph endpoint: GET https://graph.microsoft.com/v1.0/me/photos/$value Render the image in the client application. Expected Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding. Actual Result The component renders an overlay (e.g., presence badge/ring/branding) on top of the photo, altering the image. Impact Users see altered profile photos, leading to inconsistencies with expectations. Breaks brand/UX design guidelines that rely on unmodified profile images. Severity Medium–High (affects identity consistency across apps using Graph). Notes This happens even though no overlay option was requested in either the upload or retrieval flow. Alternative: Steps to Reproduce and working as expected Run command (WIN+R): ms-settings:yourinfo Upload a new profile picture (no presence, badge, or branding requested). Retrieve the profile picture using Microsoft Graph endpoint: GET https://graph.microsoft.com/v1.0/me/photos/$value Render the image in the client application. Expected Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding. Actual Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding.TAP Question
Hi All I hope you are well. Anyway, I'm looking for some clarification over Temporary Access Passes (TAP) as our testing seems to reveal some different results from those listed in the MS documentation. Here's the scenario's. My understanding: Require MFA policy deployed via Conditional Access New user F3 user starts Issue TAP to user where they can then setup MFA themselves via My Security Info etc Testing results: Require MFA policy deployed via Conditional Access New user F3 user starts User can setup MFA themselves via MS Auth app on a mobile device or via My Security Info in a browser MS TAP Info page: "The most common use for a TAP is for a user to register authentication details during the first sign-in or device setup, without the need to complete extra security prompts." Ref: Configure a Temporary Access Pass in Microsoft Entra ID to register passwordless authentication methods - Microsoft Entra ID | Microsoft Learn Have I missed understood something here and if a new user can indeed still setup MFA is there any real need for a TAP for first time user? Info appreciated. SKOld Microsoft Office 2010 (Unknown version) license
Hello everybody, I've been having an annoying activation problem with my old Microsoft Office 2010 license because of a number of reasons. In order to provide relevant details of my case, I've made a list of peculiar characteristics of this device and this Office 2010 license bought long ago and installed in a corporate CPU now under maintenance. Original Microsoft Office 2010 (Unknown version) license provided in a DVD case was bought in 2011 or 2012 for corporate purposes, purchase not performed by me. The software was originally installed in my corporate CPU, but the case with original intallation DVD was lost over the years after several administrative changes Serial product number was carefully kept by me in an anticipation of the possibility this DVD could be lost, which came true over the years. CPU is monitored in a corporate environment and has a specific Microsoft Windows 10 license unknown by me, which DOES NOT INCLUDE Microfost Office, though. This CPU is an Intel i3 with 16 Gb of RAM memory on a 64-based Windows 10 Home Single Language OS, version 22H2. Microsoft no longer provides support for Office versions older than 2013, therefore preventing me from finding a solution in Microsoft documentation and automated Microsoft Internet tutorials/assistants. I've risked downloading and installing a non-official Microsoft Office 2010 on this CPU from a third-party website with no relationship to Microsoft because of its absence from Microsoft official sources with good results. Activation fails continuously, though, even when I copy and paste the correct serial Microsoft Office 2010 serial number I have in my backups. I have a strong suspicion this has to do with the wrong software version (Home & Student X Pro), but I am not entirely sure of it. Product number error code is 0x8007232B My corporate environment does not provide Microsoft Office to all of its computers because of budgetary constraints and the availability of alternative freeware. Moreover, they are located in an institution completely separated from where I work, because the Windows 10 version I currently use is registered with the local regional Government under an institutional corporate e-mail completely apart from this centralized IT facility. This organization is called PRODESP (https://www.prodesp.sp.gov.br), which in turn is understaffed and deals with all kinds of issues, with a particular focus dedicated to financial issues, because of the countless employees the Government of Sao Paulo State (Brazil, South America) possesses accross the entire State. Recently I tried some alternative Office suites but neither option I tried had an advanced "Find and Replace" tool which only Microsoft Office has, which made me even more strongly attached to my user experience with Microsoft Office 2010 and this is why I would like to continue using it despite this license being now almost 15 years old, and its broad operational compatibility with the current Microsoft Office 365 version, particularly with regards to file formats, recorded MACROs and many other aspects not of interest and neither discussed here. An illustrative screenshot with my problem shown on it is provided below here too. Any help from whoever is able to help me solve this problem would be greatly appreciated, particularly if provided by a Microsoft representative. Thank you.
