What can Unlicensed Users Do?
When adding users in the admin center, one can assign a license or add users without a product license. Will these "unlicensed users" still be able to receive email? In an initial test, it seems that this works. We need multiple email inboxes for things such as invoices, info@ emails, etc., but I am reluctant to assign a full user to all of them. And making just one user with multiple aliases is not a solution either for internal reasons. So I guess what I'm asking is: Why would one normally create an unlicensed user and do I have to worry that they will no longer be able to use email?
How to update office accounts in bulk?
We have about 100 users in outlook but some info is missing like phone, job-title, manager, location ... I like to update the users and created a XLS file for this linked with the emailaddresses/office accounts. How can I import and map this info into the profiles of the accounts and update this info in bulk? thanks Betty
Network Configuration Operators - Intune - Not working
Hi All, I have been doing some testing with intune and local user groups. I have managed to get non-admin user accounts to remove them from the local admin groups and also added Admin accounts to the local admin group. There is some uses in our organisation that require access to change their network settings (they are network engineers) I have managed to create a PS script with intune that puts the users in the network configuration operators group which I can see has populated. However when the user goes to change their IP they get the UAC prompt (expected) and they put their standard user (in the NCO group) credentials in. However windows 11 just kicks back another UAC prompt. No error message. Anyone else use network configuration operators on Windows 11? Thanks for any help offered.
Error message when setting email forwarding for a blocked user
I am getting this error when setting up email forwarding for a blocked user account in admin. The operation couldn't be performed because object 'e4c37e42-253b-4c9d-954b-950c091a2e42' couldn't be found on 'MWHPR10A02DC004.NAMPR10A002.PROD.OUTLOOK.COM'. Do I have to forward the email before blocking user sign in?
How do I set the display language and region format for all users and set the company default?
Hi, How do I set the display language to English (United Kingdom) and the region format to English (United Kingdom) for all our existing users? and then change the defaults so that new users have them set automatically? Basically we keep rolling Power BI reports and things out and users language and display settings are all set as US which ends up displaying dates etc... wrong. Turns out this is the culprit, however they need to go to office.com and login and then Change your language and timezone. I don't want to have to do this for every user or have to guide them to it. Can I change this via admin for all? and then set defaults so all new users have that set? we are a UK company so would not want anything else. Any help appreciated Regards
FIDO2 enabled user receive "Protect your account"
We are having issues in two different scenarios with Azure MFA for users who use FIDO2 exclusively. It seems, any settings somehow still require Microsoft Authenticator. First scenario: Registering FIDO2 after the 14 days grace period When a user is created in Azure (either directly or on-prem sync, no difference here), the user has a 14 days grace period. During this period, configuring FIDO2 works flawlessly using a Temporary Access Pass (TAP). After the 14 days, the user logs in using the provided TAP to https://aka.ms/mysecurityinfo, starts the "Add sign in method", follows the steps for the FIDO2 key, once the key is confirmed and the user is redirected back to mysecurityinfo, Azure prompts for a "Additional information is required" and requires the user to register the Microsoft Authenticator app first. The only logs we see is that the user interrupted the MFA setup. We tried several browsers, normal or incognito mode, different users, nothing prevented this, except for configuring MS Authenticator first, then configuring FIDO2 afterwards. We deleted the MS Authenticator app for these users as it was only a workaround. Now these users seem to face the second scenario below. Second scenario: FIDO2 sign in prompts for a "Protect your account" - skippable for 14 days Users are able to sign in using the FIDO2, and immediately after, they are prompted a "Protect your account" window, which asks them to configure MS Authenticator again. They have the option to skip this for 14 times (not days). If we check the user's sign in logs, it shows Failure for the user satisfying the Conditional Access requiring MFA, which is rather unexpected because the user does in fact manage to sign in using the FIDO2 security key, and is able to access the resources when skipping the "Protect your account" request. We thought it may be App specific, but finally the users face this issue with different apps (Workday, Concur, MS Teams...) After asking Google, many articles point out this is related to Security Defaults. This is not our case, as we are using https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa?view=o365-worldwide&tabs=condit. The Conditional Access (CA) is enforcing an MFA of a custom Authentication Strength which includes the FIDO2 as one of the accepted options. The per-user MFA settings are configured to be Disabled for the affected users, as it is already enforced by the CA. The only setting that we have not modified yet is the Multifactor authentication registration policy which is set to Enabled - we cannot customise this as we have only P1 license (and we cannot find information if disabling this would later prevent us from enabling it afterwards due to missing license). As mentioned at the beginning, it seems there is somewhere a setting that expects everybody to use MS Authenticator for MFA regardless of what we configure, except if we disable MFA altogether (not gonna happen). Are there any other settings we should check or review or we can test? Thanks in advance.Adding another user with its own email and outlook online access
Hello, i created another user in the "Active users" section and defined an email for him: avi@mycompany.onmicrosoft.com how do i create an outlook online access for it for his own email? I have a "Office 365 Business Premium" license, Do i need to buy another license so the new user can access his own email address outlook? and if i do, can i purchase outlook only for him?Sign up for Windows known issue email alerts on Microsoft 365 admin center
Good day, everyone! Today, Microsoft is announcing the availability of email alerts for Windows known issues, on the Microsoft 365 admin center. These alerts are designed to help you quickly learn about the disclosure of known issues, as well as important updates such as new workarounds or resolutions. You can sign up today on the Windows release health section of the Microsoft 365 admin center. This feature is available to IT admins with a Windows or Microsoft 365 tenant, a volume licensing subscription which provides access to Windows release health in the Microsoft 365 admin center, and an eligible admin role. To sign up, visit the Windows release health section in the Microsoft 365 admin center. Once there, select Preferences > Email and select Send me email notifications about Windows release heath. Additional options provide the ability to select which Windows versions to receive alerts about. You can also add up to 2 additional email addresses to receive alert notifications, allowing you to keep colleagues informed of issues even if they don’t have access to the admin center. Take a closer look in the new blog post New feature: Sign up for Windows known issue email alerts. You can also watch this short video for a quick step-by-step on how to subscribe: How to sign up for Windows known issue email alerts | Microsoft 365 admin center. Have a great day!
