multi-factor authentication
55 Topics

SMS and Phone MFA
We saw a recent post that stated MS will be decommissioning SMS and Phone MFA as of July 10. It said the Message ID is: MC584364. Can anyone confirm this? I do not see the official notification from MS anywhere on this.

Thanks
Glen

Original Post: https://m365admin.handsontek.net/changes-to-the-registration-campaign-feature-in-azure-ad/

35K Views | 0 likes | 6 Comments

Can multiple users use the same Authenticator app on one device
Hi,

My use case is as follows:
- We have one shared mobile device and one shared laptop
- Authenticator installed on the above mentioned shared device
- Multiple users use the same mobile device and laptop (they work in shifts)
- Each person has their own private O365 account

Question: Can we configure Authenticator on the shared mobile device so that there are multiple accounts but one can sign in only to one's own account by using the Authenticator, i.e. no access to sign in to other accounts by using the Authenticator.

Best,
Arde

34K Views | 0 likes | 2 Comments

aka.ms/mfasetup: old vs new user experience
Hi

On some tenants I get https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1 when accessing https://aka.ms/mfasetup, while on others I end up at https://mysignins.microsoft.com/security-info

I couldn't find any documentation how to control this. Also I wonder if I can manage App passwords using the new https://mysignins.microsoft.com/ and what the roadmap for the two interfaces is.

Thank you

32K Views | 0 likes | 2 Comments

Authenticator app not working on new phone - old phone with app is gone
Hello Tech Community,

I have trouble with my email (hotmail) account. About 12 months ago I downloaded and activated the authenticator app after having hackers trying to enter my hotmail account. A few months ago I changed my phone and I have never been asked for second factor authentication until today (so I did not pay much attention to it as I could see it. The phone number attached is old and have no access to it and that device is long gone too).

BIG PROBLEM! I have the app on my new phone but it is not linked to my account (and cannot do a Cloud Recovery). If I try to do anything with my account (forward emails or change anything) it asks me for the authenticator approval/code (that I do not have access to). I am scared about doing something that will log me out of my email (which I still have access to) but cannot make any changes nor log out.

Please help.
- Can I deactivate the authenticator app somehow? Or re-set it up to work again?
- Can I migrate all my emails to a new account so I do not lose years of information if I get logged out?
- Can I set the forwarding emails option without having to pass by second factor authentication?

Looking forward to hearing from you wise community,
Thank you

30K Views | 0 likes | 7 Comments

How to register a second and a third mobile phone for MFA?
How do I register a second and a third device (iPhone / iPad in this particular case)? First phone (main phone) is already using the Authenticator App without problem. Now we need to register a second phone as backup device (and with an alternative cellular carrier) and an iPad as third device. All devices should use the Authenticator App.

22K Views | 0 likes | 11 Comments

Azure AD Security Defaults MFA not working (as expected?)
Hi,

We use Microsoft 365 Standard and have enabled Security Defaults (https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide) so thought that our accounts would be as secure as they could be without Conditional Access.

One of our users was phished and emails were sent from their account. Checking the Interactive sign-in logs I can see the attacker attempted to login from Nigeria (we don't operate from Nigeria) using Chrome on Windows 10 and was denied login due to MFA (which is as expected - part log shown below):

Date (UTC): 2023-05-10T09:12:20Z
Username: email address removed for privacy reasons
Application: Microsoft Authentication Broker
IP address: 105.112.183.103
Location: Lagos, Lagos, NG
Status: Interrupted
Sign-in error code: 50074
Failure reason: Strong Authentication is required
Client app: Browser
Browser: Chrome 112.0.0
Operating System: Windows 10
Multifactor authentication result: User needs to perform multi-factor authentication. There could be multiple things requiring multi-factor, e.g. Conditional Access policies, per-user enforcement, requested by client, among others
Authentication requirement: Multifactor authentication
Sign-in identifier: email address removed for privacy reasons
Token issuer type: Azure AD

2 minutes after that attempt the attacker then tried using Safari on iOS 14 and this only asked for single factor authentication and let them in, which certainly wasn't expected! From there, they were able to monitor the email in this instance and send / modify emails until we detected them and locked them out. It could have been worse, we were lucky this time.
The successful (part) log is shown below:

Date (UTC): 2023-05-10T09:14:27Z
Username: email address removed for privacy reasons
Application: Microsoft Authentication Broker
IP address: 105.112.183.103
Location: Lagos, Lagos, NG
Status: Success
Sign-in error code:
Failure reason: Other
Client app: Mobile Apps and Desktop clients
Browser: Mobile Safari 14.1
Operating System: iOS 14
Multifactor authentication result:
Authentication requirement: Single-factor authentication
Sign-in identifier: email address removed for privacy reasons
Token issuer type: Azure AD

I have logged this with Microsoft but all they are concerned with is that the account is now secure and not the fact that with Security Defaults on and a phished account was accessed without MFA (and from a country we don't operate from).

I have since done some more testing with another account and after revoking sessions and MFA, they could login to the same PC they normally use and access http://www.office.com without MFA prompts, only finally being asked when going into Security Settings in My Account. I can accept as the location this was from is the main office it might be flagged as safe by MS. So then I used the same account to login from another client's office not associated with us (using a VM there) and again it was able to login to http://www.office.com without any MFA prompts, which again is quite concerning.

I wondered if anyone had any insights into why this might have happened like this? As far as I can see Security Defaults isn't really doing a very good job.

Thanks
Rob

19K Views | 0 likes | 5 Comments

Windows Hello for Business 0x80090010 NTE_PERM
Hi all,

I'm encountering an issue with Windows Hello for Business on the latest version of Windows (July 2025 update). The setup process fails during initialisation, and no biometric or PIN options are being provisioned for the user.

Environment:
- Windows version: 11 24H2 Enterprise (latest update)
- Deployment mode: Hybrid Cloud Trust
- Hybrid joined devices

Symptoms:
- Users are prompted to set up WHfB but the process fails at the last step with error 0x80090010
- Users who already have WHfB authentication methods created can successfully log in
- Event ID 311 & 303 in the User Device Registration logs

Troubleshooting so far:
- Unjoined and rejoined to Entra ID
- Granted modify permissions on folder in which NGC container would be created
- Rolled back to June 2025 update (this worked)

So it seems like this is caused or related to the latest Windows Update, which is rather unfortunate for us as we are just beginning to roll out WHfB for our organisation. I'm posting here to raise awareness of the issue, if there is a more appropriate place to post then please suggest.

13K Views | 6 likes | 17 Comments

Exchange Online Powershell with MFA - How to download outside of the EAC?
Can someone share the link to download the EXO PowerShell modules without using the installer built into the EAC? We have a number of scenarios where this is not working for us. I think you shared a link with me in the past Vasil Michev, but I can't find it now.

Secondary topic: Has anyone found a good way to sign-in with EXO PWS as an admin while logged in to the PC with a non-admin account? I am not sure if there is a way to disable IWA for just this PowerShell module (like running in InPrivate mode with browser)

13K Views | 0 likes | 1 Comment

Multi-factor Authentication (MFA) via Security Defaults enforced on tenants by Microsoft (status)
Hi all,

- Security Defaults is enabled by default on all newly created Microsoft 365 tenants.
- Microsoft has started enforcing Multi-factor Authentication (MFA) on all tenants.
- MFA will not be enforced on tenants using Conditional Access policies (at least one Azure AD Premium P1 license is required to be able to use Conditional Access policies).
- Self-service password reset (SSPR) will enforce Multi-factor Authentication on all accounts (and the breakglass account) but SSPR can be disabled.
- Please check admin.microsoft.com > Health > Message center regarding notification.
- Security Defaults requires all users to register for MFA within 14 days; however, users can postpone this registration. After 14 days, they will be forced to do the registration; however, this happens during interactive sign-ins.
- If a user doesn't perform the MFA registration and a bad actor figures out the user's password, they can register their phone or authentication app as an MFA method.

It is recommended:
- to use MFA company-wide because this security-feature prevents 99.9% of attacks on your accounts.
- to revoke existing tokens to require all users to register for multifactor authentication. This revocation event forces previously authenticated users to authenticate and register for multifactor authentication.

https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa
https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/let-users-reset-passwords
https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#revoking-active-tokens

11K Views | 0 likes | 1 Comment

How do I confirm that Modern Authentication is enabled on my Microsoft 365 tenant?
I am currently running the latest Office 365 suite, on Windows 10 Business and using Outlook 365 (latest version). I have enabled MFA but I am still getting prompted to use an App Password to authenticate my Outlook 365/2019 desktop client, in order to connect to Exchange Online.

It was my understanding that with MFA enabled, and Modern Authentication, I would be prompted for Approval via a push notification from my MFA mobile app (Microsoft Authenticator), rather than having to use an App Password. Am I understanding this correctly? If so, what do I need to check to make sure that I have all the parts in place properly, for using Outlook 365/2019 with Exchange Online with Modern Authentication and not App Passwords?

11K Views | 0 likes | 1 Comment