hybrid
36 Topics

SSO to Office 365 with Chrome
I am having a heck of a time trying to understand why SSO with Chrome is no longer working. We are federated and auth works with Edge and IE; WIASupportedUserAgents is configured, and SSO works if I use this address: https://portal.office.com/?domain_hint=md.ca. If we hit https://portal.office.com, I am asked to choose my identity and then it signs us on. One other detail is that we are using Alternate Login IDs for auth.

31K Views, 0 likes, 1 Comment

Outlook Modern Auth not working
I am still being affected by this, and I have a mix of users with the reg key and without: https://techcommunity.microsoft.com/t5/identity-authentication/modern-auth-looping-with-outlook-2016-when-outside-corporate/m-p/280804. We are a 300-person firm all working remote, and the last thing I need is for Outlook to act all screwy. Has anyone fixed this? Is this a bug? Has Microsoft stated what the actual fix for this is? Windows Build 1903 18362.657; Outlook for O365 16.0.11929.20586. Just to recap, I have users with and without the reg key in the post above and we're still having the issue. Has anyone solved this?

28K Views, 0 likes, 6 Comments

Sync Issues with AAD Connect Service not updating attributes
Hi Everyone, one for the big brains. We are having issues with our AAD Connect not updating attributes between on-prem and Azure AD. The issue was first found when migrating mailboxes to the cloud. Some mailboxes were failing as the user account in AAD didn't have a remote routing address. This was usually caused by the address policy being turned off for the user. I manually added the remote routing address on-prem, but the change didn't sync to the cloud. It has grown from there. It now appears most changes do not sync through. New accounts sync to AAD fine, but after that, I cannot get changes to sync through. They show up on the connectors in AAD Connect as "Updates", but when I look at the detailed list of attributes for the user being updated, the new details are in the list, but under the "Changes" column, every single line says "None", even the line where I have made a change. I have tried setting up a whole new AAD Connect Service on a different server, no change. Can someone help out, before I log a ticket with MS?

21K Views, 0 likes, 8 Comments

ADFS Claims Based Rules - I'm stuck!
In my environment we are running Exchange 2013 Hybrid. All mailboxes are in O365. We have certain requirements around our implementation that require ADFS. With that being said, I am really struggling with coming up with the set of claims-based rules to accomplish my goal. Our ADFS environment is in Azure (VPN to on-prem network, 1 DC, 2 ADFS servers, 2 ADFS Proxies). Federation itself is up and running fine. I feel like I have read the same handful of TechNet / blog post articles on setting this up, but I must be missing something. I am also struggling with being able to debug / trace to see exactly which claims are coming in with their values to determine why I am not getting expected results. Here are the scenarios that I need (and have rules for):

1. Block external Outlook access unless user is in the ADFS_Allow External Outlook AD Security Group

    exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"])
    && exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path", Value == "/adfs/services/trust/2005/usernamemixed"])
    && exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application", Value =~ "Microsoft.Exchange.Autodiscover|Microsoft.Exchange.OfflineAddressBook|Microsoft.Exchange.RPC|Microsoft.Exchange.WebServices"])
    && NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip", Value =~ "\bXXX\.XXX\.XXX\.XXX\b|\bXX\.XX\.XX\.XX\b|\bXX\.XX\.XX\.XX\b"])
    && NOT exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "\bS-1-5-21-XXXX-XXXX-XXXX-XXX2\b"])
    => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");

2. Block external OWA unless user is in the ADFS_Allow External OWA AD Security Group

    exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"])
    && exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path", Value == "/adfs/ls"])
    && NOT exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "\bS-1-5-21-XXXX-XXXX-XXX-XXX\b"])
    && NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip", Value =~ "\bXXX\.XXX\.XXX\.XX\b|\bXX\.XXX\.XX\.XX\b|\bXX\.XX\.XX\.XX\b"])
    => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");

In both examples the IP addresses included in the regex are the public IP addresses of our 3 locations. IP and SID have been redacted. I have looked at the insidecorporatenetwork rule vs. the proxy / forwarded-client-ip, and either way, I can't seem to get anywhere. I would really love to be able to trace end-to-end to view all of the claims and values to understand why someone is allowed / denied access. Any help in pointing me in the right direction would be greatly appreciated. Steve

Solved. 20K Views, 1 like, 13 Comments

Add Support for Multiple Domains for federation with O365
Hi Team, we currently have ADFS (running on Windows 2016) in place for around 100 users authenticating to 365 using a single domain, 'domain1.com'; we have federated it and enabled SSO. We now need to federate additional domains: 'domain2.com' and 'domain3.com'. The new domains have been added and verified in 365, so they now show as managed domains. The original domain1.com did not have the -SupportMultipleDomain switch used when it was converted to a federated domain. What do we need to do here? Should we remove the Microsoft Online trust from the AD FS federation server Management Console and then update the original domain? I assume it will be done during non-business hours. Password sync is enabled and we do not want to change users' passwords. What will be the impact on the 100 or more current users of the original domain1.com if we delete the Microsoft Office 365 Identity Platform entry from our AD FS federation server Management Console? Please explain the impact on the production users. Thanks!

13K Views, 0 likes, 3 Comments

FIDO2 Office 365 and Windows Hello For Business Sign-in?
I saw that this was in preview a year ago: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/bg-p/Identity. Is logging into Windows 10 Hybrid-joined systems using FIDO security keys now working? What about signing into Office 365 desktop apps, mobile apps and web apps with FIDO security keys?

11K Views, 1 like, 2 Comments

Office 365 MFA with Azure AD Sync Tool Service Account
We have recently started looking at the security state of our O365 tenant with the Secure Score tool (https://securescore.office.com). One of the suggestions to raise the score is to enable MFA for all Global Admin accounts. However, the Azure AD sync tool has a user/service account that requires the Global Admin role to be assigned to it (as noted in the first referenced link below). Additionally, other Office 365 admin roles are not permitted the directory sync access (as noted in the second link below). Seeing as the sync is an automated process, there is no way that I know of to build in approving a login with MFA. I have been unable to locate any articles around the Azure AD sync tool, nor a way to add an exception to the Secure Score portal for this user account. Has anyone come across a solution for either adding MFA to a service account or creating an exception for a service account in the Secure Score?

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles

10K Views, 2 likes, 3 Comments

Azure AD SSO still prompts for password while on a domain joined computer
Hey, I was wondering if anyone has run into a similar issue to the one we are running into here. While testing with a browser we are getting prompted for a password while on a domain-joined computer. We currently have AAD Connect set up with SSO, the domain is managed, not federated, and we also have Hybrid Join set up; that process seems to be working, and once a computer is hybrid-joined we are able to authenticate with the token. We are trying to get the other piece working. So far my testing has been on a computer that is domain-joined only and is not in Azure AD. We are using a web browser to test.

1. I have verified we have the trusted sites added, which are:
   https://aadg.windows.net.nsatc.net
   https://autologon.microsoftazuread-sso.com
2. I've verified we are getting a ticket for azureadssoacc by doing a Wireshark capture and doing a manual klist get azureadssoacc and purge.
3. I've tested with IE in unprotected mode but still get prompted to enter a password.
4. When we run the Microsoft Connectivity Analyzer we get the "domain is not federated" error. Does that apply to us since it's a managed domain within Azure AD?

Is there anything else I should check? Thanks in advance.

7.8K Views, 0 likes, 3 Comments

Plan to Test ADFS SSO with Production O365 and to enable Federation in Production Azure Portal
Hi Team, I have set up ADFS SSO for on-premises and integrated it with Azure Traffic Manager. Now I need to use ADFS SSO with the O365 Portal, which means I need to enable federated identity. Azure AD Connect is already enabled and sync is working for a domain in the Azure Portal. The risk factor is that the O365 Portal is in production use and on-premises AD is already in sync. Can you please advise how I should plan to test ADFS SSO with production Office 365? Should I add a new separate domain for testing to minimize the impact on production? Is there any downtime involved in testing? Please advise. Please let me know if you need more info. I will appreciate your response.

6.7K Views, 0 likes, 7 Comments

AD FS failover login to Office 365
Newbie here. We have an O365 environment where we log in to O365 via AD FS. We have had many unplanned outages (not controlled by IT, and many more scheduled) which have taken down power to our data center, which includes our AD FS server. How do others fail over to logging into the cloud instead of being down because of a power outage to your data center? We would like to use AD FS by default but fail over to the cloud if AD FS is down. Thoughts?

6.1K Views, 0 likes, 5 Comments