Azure MFA "Activation Failed" error with Microsoft Authenticator App
We've opened a premier ticket, but has anyone in the community seen this error before? We've got a few users that can't set up the Microsoft Authenticator app, and nothing we do is working. This is rolling out to all of our users overnight tonight, and none of our global testing has run into anything like this.
User with hundreds of Interactive Sign-In log entries that are "Interrupted"
I have one user in our organization that has hundreds of Interactive Sign-in logs in EntraID that are marked as "Interrupted". I don't even know where to start with the user. Does anyone have a recommendation for isolating the cause of these logs? Recent entries are 95% related to Office Online Core SSO application.Entra-ID Privileged Identity Management for Groups
We have used PIM for groups to assign certain Azure Security groups to eligible users. For example a group which provides the contributor role to a certain subscription. This group is added in PIM for groups, and eligible users have been assigned to the group, in which they can provide themselves with the privileges if required to do so for maximum 8 hours. However, when we assign a user to a PIM protected group, then there is no way to tell from the user's properties, that the user has been assigned (eligible) to a PIM protected group. Therefore wouldn't it be better to create PIM groups and add the assigned user as a member of a PIM group, and assign the PIM group as eligible to the PIM protected group? Then you would able to see from the Groups list if the user is illegible for any PIM groups.
Force additional MFA for PIN WH4B
so got a request from one of my clients and if you think about it, its on the verge of being valid but an edge case... Lets say you implement WH4B and leverage PIN, how do you prevent someone shoulder surfing and leveraging the PIN on that device if they take it? Or restrict pin patterns? (the patterns I am looking into) I know Fido2 is the best way along with biometrics...but they were wondering if there was a way to reprompt MS Auth App for a code after login/reboot... I couldnt find anything on this but I did find forcing a mfa device revalidation via graph api Any able to accomplish this with the entra joined device?MFA Rollout Question(s)
Hi All I hope you are well. Anyway, I'm normally more active in the Intune space but I have been tasked with rolling out MFA to a lot of non technical users. One of the questions is: What if I forget my phone with the MS Authenticator app on it? I can't seem to find any documentation or clear answer to this. Any ideas? SK
Microsoft Authenticator Passkeys for Entra ID on unmanaged devices
Hello, has anyone successfully registered passkeys on an unmanaged phone in an organisation with device compliance policies? Use case is to provide a phishing-resistant MFA option via Authenticator app for logging into apps on their desktop. Users already have authenticator app on their phone and do number matching MFA. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-authenticator?tabs=iOS When I select "Create a passkey" - I need to log into my account. However I'm blocked from successful authentication because I have conditional access policies to require compliant devices. As my mobile phone is not enrolled into Intune, I never get to the step where the passkey is created and registered. Based on the constraints - it seems like passkeys cannot be used for unmanaged/BYOD devices for organisations that have device compliance policies. It can only be used for users who have enrolled their mobile phone. Looking to see if anyone has tips or different experience using passkeys on unmanaged mobile phones to log into Entra?Authenticator app not working on new phone - old phone with app is gone
Hello Tech Community, I have trouble with my email (hotmail) account. About 12 months ago I downloaded and activated the authenticator app after having hackers trying to enter my hotmail account. A few months ago I changed my phone and I have never been asked for second factor authentication until today (so I did not pay much attention to it as I could see it. The phone number attached is old and have no access to it and that device is long gone too). BIG PROBLEM! I have the app on my new phone but it is not linked to my account (and cannot do a Cloud Recovery). If I try to do anything with my account (forward emails or change anything) it asks me for the authenticator approval/code (that I do not have access to). I am scared about doing something that will log me out of my email (which I still have access to) but cannot make any changes nor log out. Please help. Can I deactivate the authenticator app somehow? or re-set it-up to work again? Can I migrate all my emails to a new account so I do not lose years of information if I get logged out? Can I set the forwarding emails option without having to pass by second facto authentication? Looking forward to hearing from you wise community, Thank youAdd filters/ grouping to microsoft authenticator app accounts
Hello! Hope you are all well! I would like to see filters of personal/ Work and school accounts or by domain. Or even the ability to organise accounts manually into groups. Currently have a long list of personal accounts and work account.
