Can't access Intune Company Portal from Android device after enabling Phishing resistant MFA
HI, Since I enabled Phishing resistant MFA in my tenant, I have been unable to access the company portal on my android phone. Login starts the auth process, but the app keeps telling me that it doesn't support pass keys. If this is the case, is the way that I can exclude the app from my CA policy to allow me to install apps that I have made available to the device? Kind Rgds Lee
Force additional MFA for PIN WH4B
so got a request from one of my clients and if you think about it, its on the verge of being valid but an edge case... Lets say you implement WH4B and leverage PIN, how do you prevent someone shoulder surfing and leveraging the PIN on that device if they take it? Or restrict pin patterns? (the patterns I am looking into) I know Fido2 is the best way along with biometrics...but they were wondering if there was a way to reprompt MS Auth App for a code after login/reboot... I couldnt find anything on this but I did find forcing a mfa device revalidation via graph api Any able to accomplish this with the entra joined device?MFA Rollout Question(s)
Hi All I hope you are well. Anyway, I'm normally more active in the Intune space but I have been tasked with rolling out MFA to a lot of non technical users. One of the questions is: What if I forget my phone with the MS Authenticator app on it? I can't seem to find any documentation or clear answer to this. Any ideas? SK
Microsoft Authenticator Passkeys for Entra ID on unmanaged devices
Hello, has anyone successfully registered passkeys on an unmanaged phone in an organisation with device compliance policies? Use case is to provide a phishing-resistant MFA option via Authenticator app for logging into apps on their desktop. Users already have authenticator app on their phone and do number matching MFA. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-authenticator?tabs=iOS When I select "Create a passkey" - I need to log into my account. However I'm blocked from successful authentication because I have conditional access policies to require compliant devices. As my mobile phone is not enrolled into Intune, I never get to the step where the passkey is created and registered. Based on the constraints - it seems like passkeys cannot be used for unmanaged/BYOD devices for organisations that have device compliance policies. It can only be used for users who have enrolled their mobile phone. Looking to see if anyone has tips or different experience using passkeys on unmanaged mobile phones to log into Entra?
Support tickets unresolved after 11 months; escalation requests ignored; stuck in a feedback loop
Hello, We have been unable to update O365 applications for close to a year now. When we update the applications, our end-users are unable to authenticate and receive 1001 errors. We have had a support ticket open now for 11 months. We are stuck in a loop where support asks us to demonstrate the issue. I can consistently reproduce this issue. This is a cry for help. Thanks to anyone who has any suggestions.Authenticator app not working on new phone - old phone with app is gone
Hello Tech Community, I have trouble with my email (hotmail) account. About 12 months ago I downloaded and activated the authenticator app after having hackers trying to enter my hotmail account. A few months ago I changed my phone and I have never been asked for second factor authentication until today (so I did not pay much attention to it as I could see it. The phone number attached is old and have no access to it and that device is long gone too). BIG PROBLEM! I have the app on my new phone but it is not linked to my account (and cannot do a Cloud Recovery). If I try to do anything with my account (forward emails or change anything) it asks me for the authenticator approval/code (that I do not have access to). I am scared about doing something that will log me out of my email (which I still have access to) but cannot make any changes nor log out. Please help. Can I deactivate the authenticator app somehow? or re-set it-up to work again? Can I migrate all my emails to a new account so I do not lose years of information if I get logged out? Can I set the forwarding emails option without having to pass by second facto authentication? Looking forward to hearing from you wise community, Thank you
Challenges with New MFA and SSPR Policies: Need Guidance
I am currently transitioning our Self-Service Password Reset (SSPR) and Multi-Factor Authentication (MFA) to the new Authentication Methods policy, moving away from legacy policies. However, the lack of clarity on which methods are compatible with both scenarios is quite frustrating, and I wonder if I might be missing something. Our goal is to exclusively use the Authenticator app and security keys for both MFA and SSPR, eliminating all other methods. Additionally, we want to maintain the requirement of two methods (Authenticator app and security key) for password changes. We are in the process of distributing security keys to all staff. The issue I’m encountering is that while Microsoft promotes this new portal as a unified solution for both MFA and SSPR, not all methods are supported across both. Specifically, the security key does not currently work for SSPR. If I am unable to use the security key for SSPR and must resort to a less secure second method, I would at least like to disable that less secure method for MFA. However, it seems there is no way to configure this in the policy. Am I on the right track here? I am aware that Authentication Strengths can be configured—perhaps this is where I should focus? Any advice or discussion would be greatly appreciated.
