passwordless
Issues with Passkey Login Hanging on "Connecting to Your Device"
Hi everyone, I'm currently working on enabling passkey login for some users. I have a test account where I enabled the passkey and enrolled it in Microsoft Authenticator. However, when I try to log in and scan the key, it hangs on "connecting to your device." Has anyone encountered this issue before? How can I find the root cause, and which log would show what might be blocking me? Thanks in advance for your help!

Entra ID FIDO2 with multiple accounts returns "something went wrong" for the first sign-in attempt
I am finding there seems to be a bug, possibly with Entra ID authentication, when using FIDO2. In a scenario where a user has multiple accounts registered on their FIDO2 security key or Microsoft Authenticator in the same tenant, the first time they sign in the authentication process only sees one account. For example, an IT staff member may have a separate account used for administrative access. The first authentication attempt returns "Something went wrong"; trying again shows both accounts registered on the FIDO2 device, and the login is successful. I am able to consistently reproduce this with both a hardware FIDO2 token and Microsoft Authenticator cross-device authentication on Android. This happens when authenticating to the Azure admin portal, some Microsoft 365 PowerShell modules and some third-party applications. Interestingly, it seems that a newer authentication library for developers possibly fixes the problem. I used to have the behavior in Exchange Online PowerShell, but the most current version of it never has the problem. Does anyone else see this behavior?

Windows Hello for Business: Internet Requirement for On-Premises Login Using Cloud Kerberos Trust
Hello everyone, I've recently begun testing Windows Hello for Business in our environment, where we utilise Microsoft Entra hybrid join authentication with cloud Kerberos trust. I suspect that our on-premises physical firewall may be contributing to several issues we're experiencing, and I would like to clarify my understanding of hybrid join authentication using cloud Kerberos trust. To access the internet, we use SSO with our firewall, meaning that after validating local AD credentials, the user gains access to the public network. My question is: Is internet access required for on-premises logins when using Windows Hello for Business? From my research on Microsoft's documentation, it appears that if you're using cloud Kerberos trust and the PC is blocked from the internet, the Windows Hello for Business sign-in will fail. Essentially, the on-premises Domain Controller can only issue the final Ticket Granting Ticket (TGT) after receiving a valid Partial TGT from Microsoft Entra ID. This would imply that if the machine cannot reach Microsoft Entra ID due to firewall restrictions, the user will be unable to log in. In our case, the user successfully enrolled the device on-premises, but the next morning they encountered the error "PIN isn't available: 0xc000005e 0x0." Could anyone confirm whether my understanding is correct? Thank you for your assistance!

Enable MFA method
Dear all, Currently in our company, the authentication methods policy > Microsoft Authenticator defaults to "any", i.e. either "passwordless" or "Push". It is possible to enable the following authentication method through a conditional access policy; currently it is enabled for some users. Desired authentication method: The current method is as follows: Can it be enabled for professional accounts or is it only focused on personal accounts? Thanks in advance.

Phishing resistant MFA options for Entra ID Guest users
What are the phishing resistant MFA options for Entra ID B2B guest users who authenticate from an IdP that is not configured for inbound cross-tenant trust? From our testing, there does not appear to be any way to use FIDO2/passwordless/certificate-based authentication with the guest account on the resource tenant. The following links appear to indicate that this is not supported:

Overview of custom authentication strengths and advanced options for FIDO2 security keys and certificate-based authentication in Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn
Microsoft Entra passwordless sign-in - Microsoft Entra ID | Microsoft Learn

When we enable MFA requirements in a conditional access policy for guest users, the only option that seems to work is MS Authenticator, which the user can enroll for on our tenant. Would switching the account from a B2B guest to an internal guest allow something like CBA to function, or is the only real option to enable cross-tenant trust and force the user to enable MFA on the account in their home IdP?

"Forgot PIN" not working. How to debug?
Hi everyone. I just deployed PIN authentication on a test OU with some Hybrid Joined workstations. This method, just like FIDO keys and biometrics, seems to work flawlessly, except that the "forgot PIN" link at the login prompt does not show anything on Windows 11 machines. PIN recovery is set via GPO, dsregcmd /status shows that the CanReset attribute is set to DestructiveAndNonDestructive, and Microsoft Pin Reset Service Production/Microsoft Pin Reset Client Production are installed in my Entra ID tenant. The major problem here is that there is no error message shown and I don't know which log to look at to debug this issue. Thank you in advance for every suggestion, and sorry for my poor English. Ciao Nico

Passwordless
I believe that I have all of the components needed to be passwordless in a Hybrid Joined AD/Entra ID environment. I can perform all of the passwordless login methods. I cannot get the password option to go away using "Enable Passwordless Experience". I have made sure that no group policies are conflicting. I have verified, per Intune, that the settings catalog policy has been applied. I have tried it on two different laptops running Windows 11 23H2 and 24H2.

Bitwarden Passkey
I tried to implement passkeys with Bitwarden, but I am getting an error during the last step of the setup. I have added Bitwarden's AAGUID (d548826e-79b4-db40-a3d8-11116f7e8349) to the allow list in the authentication methods. The passkey is also added to the Bitwarden app, but not into my security info. Does Microsoft support only Microsoft Authenticator for device-bound passkeys?