Force additional MFA for PIN WH4B
so got a request from one of my clients and if you think about it, its on the verge of being valid but an edge case... Lets say you implement WH4B and leverage PIN, how do you prevent someone shoulder surfing and leveraging the PIN on that device if they take it? Or restrict pin patterns? (the patterns I am looking into) I know Fido2 is the best way along with biometrics...but they were wondering if there was a way to reprompt MS Auth App for a code after login/reboot... I couldnt find anything on this but I did find forcing a mfa device revalidation via graph api Any able to accomplish this with the entra joined device?MFA Rollout Question(s)
Hi All I hope you are well. Anyway, I'm normally more active in the Intune space but I have been tasked with rolling out MFA to a lot of non technical users. One of the questions is: What if I forget my phone with the MS Authenticator app on it? I can't seem to find any documentation or clear answer to this. Any ideas? SK
Microsoft Authenticator Passkeys for Entra ID on unmanaged devices
Hello, has anyone successfully registered passkeys on an unmanaged phone in an organisation with device compliance policies? Use case is to provide a phishing-resistant MFA option via Authenticator app for logging into apps on their desktop. Users already have authenticator app on their phone and do number matching MFA. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-authenticator?tabs=iOS When I select "Create a passkey" - I need to log into my account. However I'm blocked from successful authentication because I have conditional access policies to require compliant devices. As my mobile phone is not enrolled into Intune, I never get to the step where the passkey is created and registered. Based on the constraints - it seems like passkeys cannot be used for unmanaged/BYOD devices for organisations that have device compliance policies. It can only be used for users who have enrolled their mobile phone. Looking to see if anyone has tips or different experience using passkeys on unmanaged mobile phones to log into Entra?Azure MFA "Activation Failed" error with Microsoft Authenticator App
We've opened a premier ticket, but has anyone in the community seen this error before? We've got a few users that can't set up the Microsoft Authenticator app, and nothing we do is working. This is rolling out to all of our users overnight tonight, and none of our global testing has run into anything like this.What are the FQDNs used for Office 365 logon and authentication?
Hello, We run a computer lab with Office 365 installed, with a network firewall that restricts all outbound internet traffic. We had made allowances for Office 365 logons so that users could use the Office 365 desktop applications, by allowing the following entries: *.office.com *.office365.com *.microsoftonline.com *.office.net And that was working until earlier this month. Suddenly a couple weeks ago, users were no longer able to sign into Office 365. I found this list here of all URLs and IPs that Microsoft tries to use for Office 365, and I tried adding *.auth.microsoft.com *.msftidentity.com *.msidentity.com to our firewall, but still no ability to log in. As a test, I disabled the outbound network block on one of the lab machines, and confirmed that I was indeed able to log in. So I know the issue is with this firewall rule. But I cannot add every single URL on that huge list above, that's not feasible. So please, I would like to know just what URLs are required for the Office 365 sign-on to work. I don't need or care about the other services on that list.
How to add Passkey for Entra ID / M365 Identity to Windows Hello or third-party password manager?
I manage many M365 tenants and can't add all of them to Windows as an account. Because of this I would like to add passkeys for those accounts to either a third-party password manager or (preferred) Windows Hello. So far I haven't found a way to do this. The passkey dialog at https://mysignins.microsoft.com/security-info only allows me to add a passkey to a physical key. So: So how can I add M365 passkeys to Windows Hello?Support tickets unresolved after 11 months; escalation requests ignored; stuck in a feedback loop
Hello, We have been unable to update O365 applications for close to a year now. When we update the applications, our end-users are unable to authenticate and receive 1001 errors. We have had a support ticket open now for 11 months. We are stuck in a loop where support asks us to demonstrate the issue. I can consistently reproduce this issue. This is a cry for help. Thanks to anyone who has any suggestions.Authenticator app not working on new phone - old phone with app is gone
Hello Tech Community, I have trouble with my email (hotmail) account. About 12 months ago I downloaded and activated the authenticator app after having hackers trying to enter my hotmail account. A few months ago I changed my phone and I have never been asked for second factor authentication until today (so I did not pay much attention to it as I could see it. The phone number attached is old and have no access to it and that device is long gone too). BIG PROBLEM! I have the app on my new phone but it is not linked to my account (and cannot do a Cloud Recovery). If I try to do anything with my account (forward emails or change anything) it asks me for the authenticator approval/code (that I do not have access to). I am scared about doing something that will log me out of my email (which I still have access to) but cannot make any changes nor log out. Please help. Can I deactivate the authenticator app somehow? or re-set it-up to work again? Can I migrate all my emails to a new account so I do not lose years of information if I get logged out? Can I set the forwarding emails option without having to pass by second facto authentication? Looking forward to hearing from you wise community, Thank you
Add filters/ grouping to microsoft authenticator app accounts
Hello! Hope you are all well! I would like to see filters of personal/ Work and school accounts or by domain. Or even the ability to organise accounts manually into groups. Currently have a long list of personal accounts and work account.
