Authenticator not displaying numbers on MacOS
I'm have an issue with MFA on a Mac (all the latest versions). We have conditional access policies in place, so once a day I'm prompted for MFA (I work off-site) and the Office app (e.g. Outlook, Teams) will create the pop-up window that 'should' display a number that I then match on my phone. My phone see's the push notification, but the Mac never creates the numbers in the first place. The pop-up is there, just no number. The workaround is: Answer 'its not me' on the phone On the Mac, select 'I can't use Authenticator right now' Tell the Mac to send a new request This time it creates the number and I can authenticate on the phone. It only appears to happen for the installed Office applications i.e. if I'm accessing applications/admin-centre via the browser, then the pop-up is within the browser and everything works first time. Is this a known issue?Anomalies with Conditional Access Policy "Terms of Use" Failures
Hello Microsoft Community, I'm reaching out with a bit of a puzzle regarding our "Terms of Use" Conditional Access policy, and I'm eager to tap into the collective wisdom here for some insights. In our Entra ID User Sign-In logs, we've identified intermittent "failure" entries associated with the "Terms of Use" Conditional Access policy. Interestingly, even for users who had previously accepted the "Terms of Use". There appears to be no discernible impact, and they continue their tasks without interruption. This observation became apparent during the troubleshooting of unrelated Surface Hub and Edge Sync issues at some client sites. What adds to the complexity of the situation is that for the same users, both before and after these "failure" entries, the Conditional Access policy is marked as "success". Hence, it doesn't seem to be a straightforward case of the policy erroneously detecting non-acceptance of the "Terms of Use". The mystery lies in understanding why these intermittent "failure" entries occur for users who have already accepted the terms, especially when the policy consistently reports "success" for the same users. Furthermore, the Insights for the "Terms of Use" Conditional Access policy show around 1.48k successes and 1.43k failures in the last 90 days, yet there's no discernible impact on user functionality. Observations: "Failure" entries in Sign-In logs don't seem to disrupt users' day-to-day activities. The ratio of successes to failures is balanced, yet users experience no noticeable problems. The issue complicates troubleshooting efforts but doesn't significantly affect the user experience. I'm turning to the community for guidance on interpreting and resolving this discrepancy between "failure" entries in the Conditional Access policy logs and the seemingly unaffected user experience. Any insights into why these failures occur without user impact would be greatly appreciated. For additional context, I've attached screenshots of a user's Sign-In log entry and the insight chart from the Conditional Access policy. Sign-In log of a user (failure): Sign-In log of same user (success): Current Conditional Access insights: Thank you in advance for your time and assistance. I look forward to any guidance or solutions you can provide. Best regards, Leon TüpkerMicrosoft Security Community in 2025
Hey all! As your community manager, I wanted to kick off 2025 by asking you all: What you want to see more of on the Security Tech Community in the next year? What makes this platform most helpful to you? Is it more online events? Is it more community-based games or giveaways? We know this new platform UI update has come with a lot of overwhelming changes and challenges, so I wanted to check in on how everyone is doing. Please comment down below! Any and all feedback is appreciated. Let's have a conversation. Thank you!RSS feeds to security blogs?
Hello, After the update of blogs here i no longer see any RSS feeds or links. Where can those RSS feed be found now? It was the only newsfeed where blogs could be aggregated. perhaps im just blind :) but i cant find the new RSS feeds. Thank you! Previously (before this weeks update) the links to those RSS feed was as follows: https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftSecurityandCompliance https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Identity https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=CoreInfrastructureandSecurityBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=AzureNetworkSecurityBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=IdentityStandards https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftThreatProtectionBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderCloudBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderATPBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderIoTBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=DefenderExternalAttackSurfaceMgmtBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Vulnerability-Management https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=DefenderThreatIntelligence https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftSecurityExperts https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Microsoft-Security-Baselines https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftSentinelBlog https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderforOffice365BlogMonitor logical disk space through Intune
Hi All, We have a requirement to monitor low disk space, particularly on devices with less than 1GB of available space. We were considering creating a custom compliance policy, but this would lead to blocking access to company resources as soon as the device becomes non-compliant. Therefore, we were wondering if there are any other automated methods we could use to monitor the logical disk space (primarily the C drive) using Intune or Microsoft Graph. Thanks in advance, DilanMicrosoft Security Product Reviews on TrustRadius: Give product feedback & get rewarded!
We love hearing more about our customers’ experience with our products! We’re currently working on growing our product reviews of Microsoft Security products on TrustRadius. We would love for you to participate and share your thoughts, feedback, and experiences using Microsoft Security products to help others in their buying process. To provide feedback on the capabilities of the Microsoft Security products, please click on the link below. You will need to first log in to your TrustRadius account or take 30 seconds to create a free account. Here are some Guidelines and Tips for Reviewers & About TrustRadius Reviews - Frequently Asked Questions  Once you have completed your review, you will receive a $25 USD (or local currency equivalent) digital gift card via email as a thank-you from TrustRadius for each in-depth review that you publish. Microsoft Entra ID Microsoft 365 Defender Microsoft Sentinel Microsoft Defender for Cloud Microsoft Defender for Endpoint The offer is good only for those customers who submit a product review on the above-mentioned site. Limit one per person The offer is non-transferable and cannot be combined with any other offer. This offer runs through December 31, 2023, or while supplies last, and is not redeemable for cash. Taxes, if any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. This offer does not apply to customers in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and China Customers, Microsoft partners and MVPs are eligible to participate. Please see Microsoft Privacy Statement and  TrustRadius Privacy Policy for more information.
Insider Builds
I have been an avid Microsoft user for many years with only a couple of small issues every now and again. The 6 weeks have been unbelievably stressful and disheartening. I thought trying samples of New Insider builds and enlisting in Azure for some up to date training for myself to help with what I wanted to roll out for my business. This has been the worst experience i have ever been apart of. I now have multiple computers and hardware in disarray but more importantly the loss of time and patience is paramount . I have come to realise the repetitive responses and requests for data collection on feedback or issues is one-sided The amount of user data submissions is not the issue though. It is the assistance from Microsoft regarding issue via portals, help-desk etc. The inclusion of many backend functions for the purpose of better user experience is heavily flawed. Unless end-user inadvertently has or encounters issues in there OS life is good. Heavily automated program tiggers sit through all OS builds for example. One drive. Regardless whether this is declined or removed it will always be running in the background. If you system had been compromised this is a perfect place for root-kit other Malware to spread. Xcopy: A Microsoft background function which has the ability clone and copy 99% of drivers of operating info structure. Can be controlled by ghost script directives or embedded dll to aid malware. Anti-virus or defender find difficulties identifying or distinguishing authentic and re-pro-ducted data. In time this type of incursion can mimic a vast amount of OS functionality. Microsoft OS validity. I have trailed numerous builds with all sharing this characteristic. Invalid or expired software and driver certificates & TPM flaws even after a full clean reset and TPM turned off in bios. Inevitably this can introduce compromised software without end-user knowledge. The impact leads to unauthorised access in many elements of the OS platform especially data access and embedded .dll which can run inline or above elevated authorisation. A lot of this is undetectable. Once embedded in OS and bios this is impossible to clean without expert assistance and can be very costly. For the most part the inclusion of new AI functionality across the OS platform is very welcomed. Unfortunately there are a large amount of bugs to be ironed out especially in the platform navigation. Advice provided via OS AI can be mis-leading or incorrect. .
Auto-labelling in Purview-Which license or alternatives can be used rather than E5 ?
We are considering adopting Purview for Information Protection and DLP, but we are currently on E3 licenses. Given the extensive size of our SharePoint environment, auto-labelling is crucial for applying sensitivity labels to content across wide scopes automatically. My question is, are there any alternatives to upgrading licenses to E5 or adding the Compliance Add-on? Upgrading several thousand users to E5 or the Compliance Add-on requires significant justification, and I am wondering if there are other interim solutions we could leverage for a period of one year. Any thoughts would be greatly appreciated! Thank you! KevSecure Score - Enable conditional access policies to block legacy authentication.
Hi all, it reports me to block legacy authentications for all users, however I have already done so by configuring conditional access; does anyone else have the same report despite the fact that we have already implemented blocking?
