Microsoft’s Effort to Develop a Broad People Platform
Microsoft 365 users see the profile card and might wonder where the information displayed on the card comes from. Entra ID is the obvious source, but the people platform that Microsoft is developing is another and could include information imported through a Copilot connector to build out a complete picture of users and contacts within a Microsoft 365 tenant. It’s early days yet, but beta code is available. https://office365itpros.com/2025/09/10/people-platform/Windows Hello for Business 0x80090010 NTE_PERM
Hi all, I'm encountering an issue with Windows Hello for Business on the latest version of Windows (July 2025 update). The setup process fails during initialisation, and no biometric or PIN options are being provisioned for the user. Environment: Windows version: 11 24H2 Enterprise (latest update) Deployment mode: Hybrid Cloud Trust Hybrid joined devices Symptoms: Users are prompted to set up WHfB but the process fails at the last step with error 0x80090010 Users who already have WHfB authentication methods created can successfully login Event ID 311 & 303 in the User Device Registration logs Screenshots: Troubleshooting so far: Unjoined and rejoined to Entra ID Granted modify permissions on folder in which NGC container would be created Rolled back to June 2025 update (this worked) So it seems like this is caused or related to the latest Windows Update, which is rather unfortunate for us as we are just beginning to rollout WHfB for our organisation. I'm posting here to raise awareness of the issue, if there is a more appropriate place to post then please suggest.
Profile photo component adds unwanted overlay
Component https://myaccount.microsoft.com Run command: ms-settings:yourinfo Environment Profile picture uploaded through https://myaccount.microsoft.com Profile picture uploaded through Run command (WIN+R): ms-settings:yourinfo Retrieved via Microsoft Graph SDK / Graph REST API endpoint /v1.0/me/photos/$value Steps to Reproduce Go to https://myaccount.microsoft.com. Upload a new profile picture (no presence, badge, or branding requested). Retrieve the profile picture using Microsoft Graph endpoint: GET https://graph.microsoft.com/v1.0/me/photos/$value Render the image in the client application. Expected Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding. Actual Result The component renders an overlay (e.g., presence badge/ring/branding) on top of the photo, altering the image. Impact Users see altered profile photos, leading to inconsistencies with expectations. Breaks brand/UX design guidelines that rely on unmodified profile images. Severity Medium–High (affects identity consistency across apps using Graph). Notes This happens even though no overlay option was requested in either the upload or retrieval flow. Alternative: Steps to Reproduce and working as expected Run command (WIN+R): ms-settings:yourinfo Upload a new profile picture (no presence, badge, or branding requested). Retrieve the profile picture using Microsoft Graph endpoint: GET https://graph.microsoft.com/v1.0/me/photos/$value Render the image in the client application. Expected Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding. Actual Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding.
How to Delegate Access Package Approvals in My Access
Microsoft recently published some documentation on enabling a new preview feature to allow access package approvers to delegate approval of their Access Packages. I walk through enabling it and the experience in my article > https://ourcloudnetwork.com/how-to-delegate-access-package-approvals-in-my-access/TAP Question
Hi All I hope you are well. Anyway, I'm looking for some clarification over Temporary Access Passes (TAP) as our testing seems to reveal some different results from those listed in the MS documentation. Here's the scenario's. My understanding: Require MFA policy deployed via Conditional Access New user F3 user starts Issue TAP to user where they can then setup MFA themselves via My Security Info etc Testing results: Require MFA policy deployed via Conditional Access New user F3 user starts User can setup MFA themselves via MS Auth app on a mobile device or via My Security Info in a browser MS TAP Info page: "The most common use for a TAP is for a user to register authentication details during the first sign-in or device setup, without the need to complete extra security prompts." Ref: Configure a Temporary Access Pass in Microsoft Entra ID to register passwordless authentication methods - Microsoft Entra ID | Microsoft Learn Have I missed understood something here and if a new user can indeed still setup MFA is there any real need for a TAP for first time user? Info appreciated. SK
Microsoft 365 Windows 11 external user or guest user sign in
Consider the following situation: CompanyA has a Microsoft 365 tenant with licensed users. CompanyA has a business relationship with CompanyB which also has a Microsoft 365 tenant. All of CompanyB's Windows 11 Pro computers are Entra ID joined and Intune enrolled. All of CompanyB's users have Microsoft 365 Business Premium licenses. An employee of CompanyA is stationed at CompanyB's office and needs to use one of CompanyB's computers as his primary computer. How would a technician have to configure things so that CompanyA user can sign into CompanyB's Windows 11 Pro computer and work like normal? I've done some reading online but most of the articles focus on access to cloud resources, whether that be Microsoft Teams or Entra Enterprise Apps or similar resources. I haven't found an article touching on Windows 11 sign in. MatthewOld Microsoft Office 2010 (Unknown version) license
Hello everybody, I've been having an annoying activation problem with my old Microsoft Office 2010 license because of a number of reasons. In order to provide relevant details of my case, I've made a list of peculiar characteristics of this device and this Office 2010 license bought long ago and installed in a corporate CPU now under maintenance. Original Microsoft Office 2010 (Unknown version) license provided in a DVD case was bought in 2011 or 2012 for corporate purposes, purchase not performed by me. The software was originally installed in my corporate CPU, but the case with original intallation DVD was lost over the years after several administrative changes Serial product number was carefully kept by me in an anticipation of the possibility this DVD could be lost, which came true over the years. CPU is monitored in a corporate environment and has a specific Microsoft Windows 10 license unknown by me, which DOES NOT INCLUDE Microfost Office, though. This CPU is an Intel i3 with 16 Gb of RAM memory on a 64-based Windows 10 Home Single Language OS, version 22H2. Microsoft no longer provides support for Office versions older than 2013, therefore preventing me from finding a solution in Microsoft documentation and automated Microsoft Internet tutorials/assistants. I've risked downloading and installing a non-official Microsoft Office 2010 on this CPU from a third-party website with no relationship to Microsoft because of its absence from Microsoft official sources with good results. Activation fails continuously, though, even when I copy and paste the correct serial Microsoft Office 2010 serial number I have in my backups. I have a strong suspicion this has to do with the wrong software version (Home & Student X Pro), but I am not entirely sure of it. Product number error code is 0x8007232B My corporate environment does not provide Microsoft Office to all of its computers because of budgetary constraints and the availability of alternative freeware. Moreover, they are located in an institution completely separated from where I work, because the Windows 10 version I currently use is registered with the local regional Government under an institutional corporate e-mail completely apart from this centralized IT facility. This organization is called PRODESP (https://www.prodesp.sp.gov.br), which in turn is understaffed and deals with all kinds of issues, with a particular focus dedicated to financial issues, because of the countless employees the Government of Sao Paulo State (Brazil, South America) possesses accross the entire State. Recently I tried some alternative Office suites but neither option I tried had an advanced "Find and Replace" tool which only Microsoft Office has, which made me even more strongly attached to my user experience with Microsoft Office 2010 and this is why I would like to continue using it despite this license being now almost 15 years old, and its broad operational compatibility with the current Microsoft Office 365 version, particularly with regards to file formats, recorded MACROs and many other aspects not of interest and neither discussed here. An illustrative screenshot with my problem shown on it is provided below here too. Any help from whoever is able to help me solve this problem would be greatly appreciated, particularly if provided by a Microsoft representative. Thank you.
NgcSet stays NO despite working WHFB setup - RPC 0x800706ba error
Hi everyone, I need help with a Windows Hello for Business certificate trust deployment that's almost working but stuck on the final step. **What's Working:** - Manual certificate enrollment works perfectly: `certreq -enroll -user -config "MyCA.domain.local\MyCA-CA" "MyWHFBTemplate"` - TPM 2.0 is ready, enabled, and functional - All Group Policies applied correctly (computer and user) - CA server healthy, templates published **What's NOT Working:** - `dsregcmd /status` shows `NgcSet : NO` (should be YES) - `NgcSvc` (Microsoft Passport) service is stopped on client - Getting error: "RPC server is unavailable (0x800706ba)" during automatic certificate enrollment - PIN setup fails because NGC containers won't create **The Strange Part:** Manual certificate enrollment works perfectly, but automatic enrollment fails with RPC errors. Both should use the same communication path to the CA. **Environment:** - On-premises certificate trust deployment (no Azure AD) - Domain-joined Windows 11 clients - Windows Server 2019/2022 infrastructure **Questions:** 1. Should NgcSvc start automatically when WHFB policies are applied? 2. Why would manual cert enrollment work but automatic fail with RPC errors? 3. Is there a difference in how system context vs user context accesses the CA? Has anyone seen this specific combination before? Any ideas what could cause this behavior? Thanks for any help!Best Practice for Configuring PIM
I recently have had a wave of colleagues and customers asking me about what some best practices for configuring Privileged Identity Management, so I've decided to turn that into a blog post > https://ourcloudnetwork.com/best-practice-for-confirguring-privileged-identity-management-in-microsoft-entra/ Open to discussion and feedback!
Challenges with New MFA and SSPR Policies: Need Guidance
I am currently transitioning our Self-Service Password Reset (SSPR) and Multi-Factor Authentication (MFA) to the new Authentication Methods policy, moving away from legacy policies. However, the lack of clarity on which methods are compatible with both scenarios is quite frustrating, and I wonder if I might be missing something. Our goal is to exclusively use the Authenticator app and security keys for both MFA and SSPR, eliminating all other methods. Additionally, we want to maintain the requirement of two methods (Authenticator app and security key) for password changes. We are in the process of distributing security keys to all staff. The issue I’m encountering is that while Microsoft promotes this new portal as a unified solution for both MFA and SSPR, not all methods are supported across both. Specifically, the security key does not currently work for SSPR. If I am unable to use the security key for SSPR and must resort to a less secure second method, I would at least like to disable that less secure method for MFA. However, it seems there is no way to configure this in the policy. Am I on the right track here? I am aware that Authentication Strengths can be configured—perhaps this is where I should focus? Any advice or discussion would be greatly appreciated.
