Windows Hello for Business 0x80090010 NTE_PERM
Hi all, I'm encountering an issue with Windows Hello for Business on the latest version of Windows (July 2025 update). The setup process fails during initialisation, and no biometric or PIN options are being provisioned for the user. Environment: Windows version: 11 24H2 Enterprise (latest update) Deployment mode: Hybrid Cloud Trust Hybrid joined devices Symptoms: Users are prompted to set up WHfB but the process fails at the last step with error 0x80090010 Users who already have WHfB authentication methods created can successfully login Event ID 311 & 303 in the User Device Registration logs Screenshots: Troubleshooting so far: Unjoined and rejoined to Entra ID Granted modify permissions on folder in which NGC container would be created Rolled back to June 2025 update (this worked) So it seems like this is caused or related to the latest Windows Update, which is rather unfortunate for us as we are just beginning to rollout WHfB for our organisation. I'm posting here to raise awareness of the issue, if there is a more appropriate place to post then please suggest.
Password-less authentication with using One-time passcode from Microsoft Authenticator App.
Recently one of my users was in Internet restricted zone and when he tried to sign-in with Password less method, He didn't get the code due to no internet in mobile and in addition to this, he forgot the user sign-in password. Is there any method or way to setup that we can be able to sign-in with using the 6-digit Microsoft Authenticator App Code instead of the push notification and password.
Exclude Microsoft first party applications in Azure conditional access policy
We have app built on Microsoft Graph resource and we have a conditional access policy that targets all cloud apps. when users sign into this app using Chrome browser on iOS they get error and prompt to use Edge. We do not want users to change the browser and tried to exclude Microsoft Graph from CA policy using all options including API but fails with the below error. Policy contains invalid applications: unsupported firstpartyapplication. Is there a way to exclude Microsoft Graph from the policy?
User getting refresh token expired due to inactivity in Outlook desktop AADSTS70008
I have a user who continues to receive this AADSTS70008 error in Outlook Desktop. This computer has been in service for several years and Outlook desktop has been running fine. User can successfully authenticate in MS Teams and Outlook on the Web. MFA is enabled. I have attempted a restart but Outlook produces the same error. I have seen older posts suggesting that the registry key for the office activation be removed to fix this issue. Any thoughts on a more straightforward fix than registry hacks? DSTS70008
Modern Authentication support
Hi All, From the MS docs I'm able to identify that modern authentication is is only supported by the Outlook clients above 2013. I just wanted to know what will be the behavior of unsupported Outlook clients when modern authentication is enabled at tenant level. Will there be any issues ?
failed set-up of a passkey for a personal MS account
After scanning the QR code (on the PC screen) in the Authenticator app on the Iphone, the error message “Error adding the passkey - Microsoft Authenticator does not support this passkey” (translated from German) appears. What does this mean ? How to prevent? Any help is appreciated.SSO with Microsoft Authentication not working right now (Location Switzerland)
Dear community. We use SSO with Microsoft to authenticate for our local installed Devolutions Remote Desktop Manager. Today, when i start the program my browser also opens and want to authenticate through Microsoft. The URL is https://login.microsoftonline.com/........... After 2-3 minutes this authentication runs in a timeout and i can not authenticate. Yesterday everything worked fine. Do we have a problem with that authentication service from Microsoft ? Local time now in Switzerland is 13:07'Identity Pass' Unable to request new 'TAP code' returns Error Code: 203 Information does not match
Issue: BLOCKED: Disaster Recovery Fails: Unable to request new 'TAP code' from 'Identity Pass' app. Resetting Authenticator App on replacement Corp Laptop & Android Repo steps: - Received new MSFT imaged Laptop & Android phone - On Android, go to aka.ms/knockknock - 'Identity Pass' launches successfully and requests Employee ID & Corp email - Enter Employee ID '000477476' & Corp Alias 'email address removed for privacy reasons' - Click 'Submit' - Returns Error Code: 203 'Information does not match'. - Retry with Birthdate 9/22/1977 & Corp Alias 'email address removed for privacy reasons' - Click 'Submit' - Returns Error Code: 203 'Information does not match'. - BLOCKED: Resubmitting a new 'TAP code' request Fails with Error Code: 203 'Information does not match'. As the result, we can no longer sign-in to https://client.wvd.microsoft.com/arm/webclient/index.html to configure our Authenticator Apps. Please let us know if there's anything else we can do or provide the help get this issue resolved ASAP. Thanks & Best Regards, GaryThe ability to add photos / images to Microsoft Authenticator accounts
Hi, First post in this forum (hello to all !). Can we have the ability to add photos / images to each account listed on our Microsoft Authenticator accounts ? This would allow me to quickly identify which account code I need on the long list of accounts I have connected to my Authenticator app. Many thanks Jay
