Authentication
17 Topics

Lost mfa global admin can not login, no break glass account
No partner or another global admin or break glass account. Yes, I know that's a mistake but just need mfa reset for the global admin account.
Hi. I have been calling ms support for multiple days, on hold for hours at a time. I know the story about getting hold of the data protection team and their hold times. I can't login to my tenant to open a case since I lost my mfa, changed phones and the restore is not working. Already tried sspr and that's not working either, my backup email is not getting the pin. Anyone at MS that can help open a case vs being on hold for days at a time.
txs M
51 Views, 0 likes, 1 Comment

DMarc Issues
I am using Microsoft 365 Business email (Exchange) online. I have created the following TXT record for _dmarc:
v=DMARC1; p=quarantine; pct=100; rua=mailto:email address removed for privacy reasons; ruf=email address removed for privacy reasons
I keep on receiving reports that there are failures with my Dmarc record. Any idea how to fix this? Sample XML error report below:
<?xml version="1.0"?>
<feedback xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <version>1.0</version>
  <report_metadata>
    <org_name>Enterprise Outlook</org_name>
    <email>email address removed for privacy reasons</email>
    <report_id>640f326a62f640e4815e84e6f0020d9c</report_id>
    <date_range>
      <begin>1730764800</begin>
      <end>1730851200</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>z.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
    <fo>0</fo>
  </policy_published>
  <record>
    <row>
      <source_ip>40.107.96.92</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <envelope_to>b.net</envelope_to>
      <envelope_from>z.com</envelope_from>
      <header_from>z.com</header_from>
    </identifiers>
    <auth_results>
Thanks!!!!
Solved
117 Views, 0 likes, 3 Comments

Partner Center MPN ID
I was trying to access the solutions designation center on the partner center dashboard but got the following error:
I have read the how-to guides to gain the Microsoft Partner Network ID but could not find that in the partner center dashboard.
Thanks & Regards
Siddhartha Sharma
648 Views, 0 likes, 4 Comments

MFA alerts for when an alternative phone number is added
Hi, I need to be able to find a way that, when someone adds an alternative phone number to MFA, it sends an alert via email that would go into a shared mailbox, but haven't been able to find a way to get the MFA alerts for alternative phone numbers. Can someone help please?
362 Views, 2 likes, 0 Comments

Stuck on "More Information Required" - Office365
I have an Office365 professional account that I recently purchased with my domain on GoDaddy a couple of days ago.
When I log in I get stuck on the "More Information Required" screen without any skip button - occurs on Mac, iPad and iPhone on Safari, Chrome, Authenticator and the Outlook app on Mac and iOS.
I've cleared the cache and tried reloading and restarting all my apps - all to no avail.
837 Views, 0 likes, 2 Comments

Can't connect via IMAP (basic authentication) to my Office 365 account
Hello, I've been struggling for two days now to enable an IMAP connection with basic authentication for my Office 365 account. I enabled IMAP for the user in the admin console and furthermore, I also created an "AuthenticationPolicy" via the Exchange Online PowerShell.
Set-AuthenticationPolicy -Identity "Allow Basic Auth for some ancient application" -AllowBasicAuthImap:$true
Multifactor Authentication is disabled for the user. What am I missing? How can I narrow down the root cause? Thanks in advance.
6.3K Views, 0 likes, 2 Comments

locked out of account
Hi, I've locked myself out of my business account. I'm the only admin and have multi factor auth enabled. I have a new phone and the authenticator app no longer works so can't get a code or a push notification to the app, there is no backup (because I'm an idiot). I can't delete/add the account from the authenticator app because it wants me to use a code from the authenticator app which doesn't work. I can't log into the portal to submit a case due to this issue. I've tried calling and sat on hold over 6 hours, I don't believe those calls are ever answered at this point. Does anyone know of a way to get in touch with support via email/chat/etc., or have any idea how I can fix this issue? Thanks for any help, I know this is my fault.
583 Views, 0 likes, 1 Comment

FIDO2 enabled user receive "Protect your account"
We are having issues in two different scenarios with Azure MFA for users who use FIDO2 exclusively. It seems, any settings somehow still require Microsoft Authenticator.

First scenario: Registering FIDO2 after the 14 days grace period
When a user is created in Azure (either directly or on-prem sync, no difference here), the user has a 14 days grace period. During this period, configuring FIDO2 works flawlessly using a Temporary Access Pass (TAP). After the 14 days, the user logs in using the provided TAP to https://aka.ms/mysecurityinfo, starts the "Add sign in method", follows the steps for the FIDO2 key, once the key is confirmed and the user is redirected back to mysecurityinfo, Azure prompts for an "Additional information is required" and requires the user to register the Microsoft Authenticator app first. The only log we see is that the user interrupted the MFA setup. We tried several browsers, normal or incognito mode, different users, nothing prevented this, except for configuring MS Authenticator first, then configuring FIDO2 afterwards. We deleted the MS Authenticator app for these users as it was only a workaround. Now these users seem to face the second scenario below.

Second scenario: FIDO2 sign in prompts for a "Protect your account" - skippable for 14 days
Users are able to sign in using the FIDO2, and immediately after, they are prompted with a "Protect your account" window, which asks them to configure MS Authenticator again. They have the option to skip this for 14 times (not days). If we check the user's sign in logs, it shows Failure for the user satisfying the Conditional Access requiring MFA, which is rather unexpected because the user does in fact manage to sign in using the FIDO2 security key, and is able to access the resources when skipping the "Protect your account" request. We thought it may be App specific, but finally the users face this issue with different apps (Workday, Concur, MS Teams...)

After asking Google, many articles point out this is related to Security Defaults. This is not our case, as we are using Conditional Access and they are not compatible. The Conditional Access (CA) is enforcing an MFA of a custom Authentication Strength which includes the FIDO2 as one of the accepted options. The per-user MFA settings are configured to be Disabled for the affected users, as it is already enforced by the CA. The only setting that we have not modified yet is the Multifactor authentication registration policy which is set to Enabled - we cannot customise this as we have only P1 license (and we cannot find information if disabling this would later prevent us from enabling it afterwards due to missing license).

As mentioned at the beginning, it seems there is somewhere a setting that expects everybody to use MS Authenticator for MFA regardless of what we configure, except if we disable MFA altogether (not gonna happen). Are there any other settings we should check or review or we can test? Thanks in advance.
1.3K Views, 0 likes, 2 Comments

Document Azure AD Conditional Access Policies with the IdPowerToys App
The first app in a new community project called IdPowerToys helps Azure AD tenants to document conditional access policy settings in PowerPoint. The information used to document the CA policies is extracted (manually or automatically) from Azure AD, analyzed, and output as a PowerPoint presentation. It's a nice way to see what CA policies exist in a Microsoft 365 tenant and helpful if you want to rationalize the set of policies in use.
https://office365itpros.com/2023/03/16/idpowertoys-ca-documentation/
5.5K Views, 2 likes, 0 Comments