Challenges with New MFA and SSPR Policies: Need Guidance
I am currently transitioning our Self-Service Password Reset (SSPR) and Multi-Factor Authentication (MFA) to the new Authentication Methods policy, moving away from legacy policies. However, the lack of clarity on which methods are compatible with both scenarios is quite frustrating, and I wonder if I might be missing something. Our goal is to exclusively use the Authenticator app and security keys for both MFA and SSPR, eliminating all other methods. Additionally, we want to maintain the requirement of two methods (Authenticator app and security key) for password changes. We are in the process of distributing security keys to all staff. The issue I’m encountering is that while Microsoft promotes this new portal as a unified solution for both MFA and SSPR, not all methods are supported across both. Specifically, the security key does not currently work for SSPR. If I am unable to use the security key for SSPR and must resort to a less secure second method, I would at least like to disable that less secure method for MFA. However, it seems there is no way to configure this in the policy. Am I on the right track here? I am aware that Authentication Strengths can be configured—perhaps this is where I should focus? Any advice or discussion would be greatly appreciated.
Lost mfa global admin can not login, no break glass account
No partner or another global admin or break glass account. Yes I know thats a mistake but just need mfa reset for the global admin account. Hi. I have been calling ms support for multiple days, on hold for hours at a time. I know the story about getting hold of the data protection team and there hold times. I can't login to my tenant to open a case since I lost my mfa, changed phones and the restore is not working. Already tried sspr and thats not working either, my backup email is not getting the pin. Anyone as MS that can help open a case vs being on hold for days at a time. txs M
Password expired for Hybrid Users
Hey guys we have a AVD environment configured with hybrid users working on windows 11 23h2 multiuser session host's in a pooled session host. As access devices we use either Thinclients with IgelOS and the AVD Client or Windows 11 Notebooks with the Windows App installed on it. The users passwords are expire every 3 months. I see in the Azure Log Analytics Log some errors with expired passwords. We have Password Writeback enabled on the Entra ID Connect Server. Is there a way to present the user let's say 14 days ahead that the password is going to expire soon? Many thanks for your feedback Best regards, Marc
Problem z zalogowaniem się no nowym telefonie z maila firmowego
Dzień dobry , Mam problem , ponieważ wymieniłem swojego starego Iphona na nowszy model , i po przeniesieniu wszystkich danych na nowy telefon , ze starego Iphona usunąłem wszystkie dane i wyzerowałem go, jednak gdy chciałem zalogować się na nowym telefonie do aplikacji mailowej Outlook wyskoczyła mi informacja o zatwierdzeniu żądania logowania z numer "33". Nie mam możliwości potwierdzić tego numeru na starym telefonie ponieważ na starym telefonie już nic nie ma. Proszę o odpowiedź co w tej sytuacji mam zrobić ? P.S Próbowałem przez aplikacje Authenticator , logując się do aplikacji swoim prywatnym mailem i po zalogowaniu chciałem dodać konto służbowe jednak po raz kolejny wyskakuje informacja odnoście potwierdzenia logowania na urządeniu przenośnym ...
When is Microsoft going to bring Microsoft Authenticator windows aka desktop or within edge itself?
When is Microsoft going to bring Microsoft Authenticator windows aka desktop or within edge itself? (People like me lose mobiles) Isn't Windows device considered anything? Only mobiles and android and iOS devices matter? People like don't store important info on Windows devices? Edge has support for in-built password manager like chrome with chrome and google passwords then why is edge not having 2fa support on windows yet in 2024? Is windows still usable if my phones goes for service center, dies randomly, or is stolen? Can I consider windows devices to be of valuable in 2024 or should I shift 100 percent to android and MacOS and ios? Should I throw my windows devices out of window since it is not dependent device when any other fails? On a sidenote, I tried checking out but WinAuth Authenticator exists for Windows PC is open-source & offers 2-step verification (but unfortunately not updated since 2016) so why Microsoft which focuses so much of AI of everything has been able to bring desktop version for windows users? Or am I asking too much in the name of security and privacy that big tech promotes all the time? Can we trust microsoft and windows devices? Or is everything going to be done by google and chrome?
Password-less authentication with using One-time passcode from Microsoft Authenticator App.
Recently one of my users was in Internet restricted zone and when he tried to sign-in with Password less method, He didn't get the code due to no internet in mobile and in addition to this, he forgot the user sign-in password. Is there any method or way to setup that we can be able to sign-in with using the 6-digit Microsoft Authenticator App Code instead of the push notification and password.
