Enforce MFA to external users
Is there any news on enforcing MFA to O365 external users when they will access externally shared SPO sites? Right now the challenge is we cannot enforce MFA on external users and MFA can be enabled only for licensed users. Azure B2B is in public preview but I am assuming that this capability will be available as part of Azure B2B GA as mentioned in current limitiation https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2b-current-preview-limitations/. So question mark is if it will be enabled then will it also be applicable for normal external sharing scenario (with Azure B2B)?Connect-SPOService : Could not authenticate to SharePoint Online
Hi All! I am unable to connect to SPO from SharePoint online management shell using my account. MFA is enabled. Connect-SPOService -url https://[URL].sharepoint.com I'm getting the following response: Connect-SPOService : Could not authenticate to SharePoint Online https://[URL].sharepoint.com/ using OAuth 2.0 At line:1 char:1 + Connect-SPOService -url https://[URL].sharepoint.com + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Connect-SPOService], AuthenticationException + FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.AuthenticationException,Microsoft.Online.SharePoi nt.PowerShell.ConnectSPOService Can anyone help with this? Thanks.
Authentication with ADAL using managed Mobile devices
Hi everybody, I am facing a very strange authentication problem in my app. To get a valid adal token I use the adaljs library, which works fine. I get a valid token and can connect to my Azure AppService. The app that runs in the Azure AppService then uses my adal token to get a new token. I create a UserAssertion object from the token I got from Javascript adaljs. I need to do this, because otherwise I could not connect to SharePoint Online without getting a 401 unauthorized. The code works perfectly fine for desktop browsers but does fail when I try to access my AppService with a mobile device and a adfs managed user. Using a "cloud only" user works fine, but whenever I try to use a user which gets synced from my AD I get the following error when trying to get the second token: AADSTS50131: Your device is required to be managed to access this resource. The problem here is that the device is definitely managed. When I add an exception for this user in intune, I can access the App via the mobile device. Has anybody a clue what could be the problem here? Any help would be appreciated. Thanks in advance, Alex
FIDO2 Office 365 and Windows Hello For Business Sign-in?
I saw that this was in preview a year ago. https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/bg-p/Identity Is logging into Windows 10 Hybrid joined systems using FIDO security keys now working? What about signing into Office 365 desktop apps, mobile apps and web apps with FIDO security keys?SharePoint permissions/group for Azure AD account removed the re activated.
Hi, We sync users from our on-prem AD to Azure AD. We moved a user from the OU on-prem that is synced. The sync happened and the Azure AD account disappeared (or was deactivated?) When the user was moved back and the next sync happened they reappeared on Azure AD, but had lost their previous SharePoint permissions and were not in the groups that they previously belonged to in SharePoint Online. Do the permissions have to be manually reinstated? Thank you for your time, Ollie
