Profile photo component adds unwanted overlay
Component https://myaccount.microsoft.com Run command: ms-settings:yourinfo Environment Profile picture uploaded through https://myaccount.microsoft.com Profile picture uploaded through Run command (WIN+R): ms-settings:yourinfo Retrieved via Microsoft Graph SDK / Graph REST API endpoint /v1.0/me/photos/$value Steps to Reproduce Go to https://myaccount.microsoft.com. Upload a new profile picture (no presence, badge, or branding requested). Retrieve the profile picture using Microsoft Graph endpoint: GET https://graph.microsoft.com/v1.0/me/photos/$value Render the image in the client application. Expected Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding. Actual Result The component renders an overlay (e.g., presence badge/ring/branding) on top of the photo, altering the image. Impact Users see altered profile photos, leading to inconsistencies with expectations. Breaks brand/UX design guidelines that rely on unmodified profile images. Severity Medium–High (affects identity consistency across apps using Graph). Notes This happens even though no overlay option was requested in either the upload or retrieval flow. Alternative: Steps to Reproduce and working as expected Run command (WIN+R): ms-settings:yourinfo Upload a new profile picture (no presence, badge, or branding requested). Retrieve the profile picture using Microsoft Graph endpoint: GET https://graph.microsoft.com/v1.0/me/photos/$value Render the image in the client application. Expected Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding. Actual Result The raw profile photo is shown exactly as stored—no overlays, rings, badges, or branding.
Old Microsoft Office 2010 (Unknown version) license
Hello everybody, I've been having an annoying activation problem with my old Microsoft Office 2010 license because of a number of reasons. In order to provide relevant details of my case, I've made a list of peculiar characteristics of this device and this Office 2010 license bought long ago and installed in a corporate CPU now under maintenance. Original Microsoft Office 2010 (Unknown version) license provided in a DVD case was bought in 2011 or 2012 for corporate purposes, purchase not performed by me. The software was originally installed in my corporate CPU, but the case with original intallation DVD was lost over the years after several administrative changes Serial product number was carefully kept by me in an anticipation of the possibility this DVD could be lost, which came true over the years. CPU is monitored in a corporate environment and has a specific Microsoft Windows 10 license unknown by me, which DOES NOT INCLUDE Microfost Office, though. This CPU is an Intel i3 with 16 Gb of RAM memory on a 64-based Windows 10 Home Single Language OS, version 22H2. Microsoft no longer provides support for Office versions older than 2013, therefore preventing me from finding a solution in Microsoft documentation and automated Microsoft Internet tutorials/assistants. I've risked downloading and installing a non-official Microsoft Office 2010 on this CPU from a third-party website with no relationship to Microsoft because of its absence from Microsoft official sources with good results. Activation fails continuously, though, even when I copy and paste the correct serial Microsoft Office 2010 serial number I have in my backups. I have a strong suspicion this has to do with the wrong software version (Home & Student X Pro), but I am not entirely sure of it. Product number error code is 0x8007232B My corporate environment does not provide Microsoft Office to all of its computers because of budgetary constraints and the availability of alternative freeware. Moreover, they are located in an institution completely separated from where I work, because the Windows 10 version I currently use is registered with the local regional Government under an institutional corporate e-mail completely apart from this centralized IT facility. This organization is called PRODESP (https://www.prodesp.sp.gov.br), which in turn is understaffed and deals with all kinds of issues, with a particular focus dedicated to financial issues, because of the countless employees the Government of Sao Paulo State (Brazil, South America) possesses accross the entire State. Recently I tried some alternative Office suites but neither option I tried had an advanced "Find and Replace" tool which only Microsoft Office has, which made me even more strongly attached to my user experience with Microsoft Office 2010 and this is why I would like to continue using it despite this license being now almost 15 years old, and its broad operational compatibility with the current Microsoft Office 365 version, particularly with regards to file formats, recorded MACROs and many other aspects not of interest and neither discussed here. An illustrative screenshot with my problem shown on it is provided below here too. Any help from whoever is able to help me solve this problem would be greatly appreciated, particularly if provided by a Microsoft representative. Thank you.
Token replay question
I had a case of a user being phished and their token being used in a replay attack. The replay appeared in the sign in logs from a different IP address to the "true" users IP. I then saw activity on the account originating from the original IP until we killed the session a few hours later. I had someone suggest that in a token replay the M365 audit\activity logs and Entra ID signing logs will show the original persons IP, not the attackers. Can anyone confirm this?
Force additional MFA for PIN WH4B
so got a request from one of my clients and if you think about it, its on the verge of being valid but an edge case... Lets say you implement WH4B and leverage PIN, how do you prevent someone shoulder surfing and leveraging the PIN on that device if they take it? Or restrict pin patterns? (the patterns I am looking into) I know Fido2 is the best way along with biometrics...but they were wondering if there was a way to reprompt MS Auth App for a code after login/reboot... I couldnt find anything on this but I did find forcing a mfa device revalidation via graph api Any able to accomplish this with the entra joined device?
Entra invitation manager for guests
A while ago there was a change that the SharePoint invitation manager has been converted to the Entra invitation manager. This is a good thing because every guest can use the OTP for logging in. Only I see this behaviour: When a guest has been added to a group or a team. The guest can sign in with OTP to the team. Also there is a guest account created. When I share a folder or a document the guest can sign in with the OTP to the folder or document. But there is no guest account in M365 for this user. So you don't have an overview of the guest accounts in your tennant where a document has been shared with. With Powershell you can edit the entra invitation manager a bit: Set-SPOTenant -EnableAzureADB2BIntegration $true After completing this command also the users when you share something will be addeAuthenticationd as a guest. Is it default that guests are not vissible when you share a folder or document with them? Is this the right approuch to get a view of those accounts? Maurits Knoppert
Intune - disable Windows Hello
I have a goal: 1. Disable Windows Hello for Business without impacting current users on EntraID via Intune, 2. Configure password sync on the Okta site and Entra ID and MDM device What could be the way to disable PIN (for onboarded devices) and switch only to a password on endpoints? the password must be synchronized with Okta in both directions. Thank you,
