Forum Discussion
Extraordinaire20
Jan 18, 2023 Copper Contributor
The remote NGC session was denied.
Hi. I was reviewing sign-in Logs for a user in Sentinel and came across an entry that has the following: ResultType: 1003033 ResultDescription: The remote NGC session was denied. Authenticatio...
- Feb 06, 2023
Hi both, we have recently run into the same issue and had a chat with MS after reviewing our conditional access policies for possible denies, as the connection that was denied came from a TOR exit node with no Geo location. The actual reference in this instance to NGC is actually referring to Next Generation Credentials, like passwordless authentication. The error is not related to a conditional access policy, including one targeting a GeoCoordinate setting.
This sign-in refers to passwordless authentication using the Microsoft Authenticator app, for example. A 1003033 error occurs when a user attempts to authenticate with the tenant that sent an authentication request to the registered Microsoft Authenticator app, and the error signifies that the user manually denied the authentication request in the Microsoft Authenticator app.
MorbrosIT
Jan 20, 2023 Copper Contributor
What's odd is I'm 100% sure my credentials weren't compromised. Could they have triggered an MFA prompt trying to sign in passwordless?
BMasonTIT
Jan 20, 2023 Copper Contributor
Yep - I'm with you MorbrosIT - I've changed my MS creds twice and only just now I've turned off the passwordless authentication, as it's almost like that was somehow used against my account. Not great waking up to auth prompts on your mobile at 3am from USA when we reside on the other side of the world.
- MorbrosIT
Jan 20, 2023 Copper Contributor
I'm fairly certain now my credentials were never compromised. Since I have "Passwordless" enabled for my account I guarantee someone is at the Office 365 login screen and puts in my email address which then triggers MFA. I don't have Conditional Access enabled. I'd assume if I did I wouldn't even get those prompts if Geo-IP blocking is enabled.
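
A hunting query for the pattern discussed in this thread, added here as an example and not posted by any participant: it lists users who rejected passwordless Authenticator prompts (ResultType 1003033) and flags any later successful sign-in from the same source IP. It assumes the standard Sentinel `SigninLogs` table; the 7-day lookback and 30-minute window are assumed values to tune.

```kusto
// Added example, not from the thread. Lookback and window are assumptions.
let lookback = 7d;
let approvalWindow = 30m;
// Passwordless prompts the user rejected in the Authenticator app.
let denied = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "1003033"   // "The remote NGC session was denied."
    | project DeniedTime = TimeGenerated, UserPrincipalName,
              DeniedIP = IPAddress, DeniedLocation = Location;
// Per-user view: how many rejected prompts, and where they originated.
let summary = denied
    | summarize Denials = count(),
                SourceIPs = make_set(DeniedIP, 50),
                Locations = make_set(DeniedLocation, 50),
                FirstSeen = min(DeniedTime),
                LastSeen = max(DeniedTime)
        by UserPrincipalName;
// A success from the same IP shortly after a denial suggests a later
// prompt from that source was approved and needs review.
let approvedAfter = denied
    | join kind=inner (
        SigninLogs
        | where TimeGenerated > ago(lookback)
        | where ResultType == "0"
        | project SuccessTime = TimeGenerated, UserPrincipalName,
                  SuccessIP = IPAddress
      ) on UserPrincipalName
    | where SuccessIP == DeniedIP
    | where SuccessTime > DeniedTime
        and SuccessTime <= DeniedTime + approvalWindow
    | summarize SuccessAfterDenial = count() by UserPrincipalName;
summary
| join kind=leftouter approvedAfter on UserPrincipalName
| project UserPrincipalName, Denials, SourceIPs, Locations,
          FirstSeen, LastSeen,
          SuccessAfterDenial = coalesce(SuccessAfterDenial, 0)
| order by SuccessAfterDenial desc, Denials desc
```

Rows with a non-zero `SuccessAfterDenial` are the ones to triage first; rows with many denials from unfamiliar locations match the unsolicited prompts described above.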