Enforcing PasswordProtectedTransport for application sso in Entra ID
I need guidance on configuring RequestedAuthnContext in Entra ID for an application that requires re-authn during e-sign process. Currently, the only prompt is username but would like to have both username and password. Specifically, I’m looking for help with modifying the SAML request settings or the application manifest to enforce PasswordProtectedTransport. If anyone has experience with similar configurations or insights on best practices, your assistance would be greatly appreciated.
Old Account transferred to the Entra Tenant
Hi All, My original community account got transferred without any notice to my tenant account. I am worried if this is a security breach as another a new user was also created (this one) automatically when I logged into my community account. Let me know any plausible explanation for what's happening here. So, there's this community account with which I am posting the issue, and the other two shown below. Sids1 Sids11 User ID 2252914 for Sids1 User ID 2468034 for Sids11 Best Regards, Siddhartha Sharma
I can't recover my AAD administrator account
Hello team, I have a serious issue, and you help is appreciated here. My Authenticator app mobile app got crazy and I had to remove the app and install it again. The problem is that I had configured my domain for MFA using the app and I did not backup the accounts that reside in the Authenticator app. I know my credentials but when I am prompted for Authenticator approval I cannot proceed forward because I don't have the account configured on my phone. How to proceed forward and get my admin account recovered? P.S: that's my only Admin account and I haven't created a break glass account. Your quickest feedback is highly appreciated.
Emulating windows hello cred from physical box
I have azure-ad joined windows 10 VM in Azure I want to unlock the VM from the VM's login-shell (not want to provide creds on the RDP-client) with the Windows Hello Credential stored on the physical Azure AD join device. Is it a viable flow technically? In other words, what I want to validate is, I have a physical AAD-joined win10 device where I have enrolled Windows Hello I want to use this WHfB credential while unlocking one Win 10 VM in Azure that I already RDP into from this physical device. So I am staring at the std. window's login screen of VM where I can put my password. However, I do not want to feed password. Instead I want to login with WHfB-cred stored in the physical box. We know we have WebAuthn redirection by redirectwebauthn:i:1 Can we use this RDP-property ? Thanks.
