security
153 Topics

Send Mail (SMTP) through Office 365 with MFA
We have a web server that needs to be able to send emails as users (FROM field); however, we have noticed that if the user account is protected with MFA, the message is rejected. Has anyone been able to get this working? I found a workaround by using an account that does not have MFA and then adding that account as a delegate of the sending user, but that seems a bit extensive. In our scenario, the web server sends a message showing it comes from a sales rep, which is populated dynamically on the web server. It uses CFMAIL (same rules as, say, PHPMailer) and uses the FROM field as the sales rep. That is handed off in this case to Office 365 to send emails.

Actual error:
Diagnostic-Code: smtp;550 5.7.60 SMTP; Client does not have permissions to send as this sender

225K Views | 1 like | 16 Comments

Azure MFA "Activation Failed" error with Microsoft Authenticator App
We've opened a premier ticket, but has anyone in the community seen this error before? We've got a few users that can't set up the Microsoft Authenticator app, and nothing we do is working. This is rolling out to all of our users overnight tonight, and none of our global testing has run into anything like this.

130K Views | 0 likes | 16 Comments

Office 365 Admin Role Needed for MFA
I would like to assign members of the help desk access to manage MFA for non-admin users. I already assigned the Authentication admin role and this partially works. Right now the help desk can go into AAD, switch to Authentication methods and do everything that is needed there. However, as a Global Admin from the Microsoft 365 admin center I can see Users > Active Users > Multi-Factor Authentication and I can use "Manage multifactor authentication" from the User itself. These options are not available for the help desk. Is there another role that I can use to grant access to the legacy MFA management portal?

Solved | 100K Views | 3 likes | 22 Comments

MFA for one email account with several users
Client runs four shifts with support staff who work from home. Each group of four team members has a single 365 mailbox, and usage passes from one team member to another as the shifts change. For each group, client wants to implement 2FA with Authenticator on the phones of each team member, i.e. four phones authenticating one email account. But this used to be barred for business ('work and school') accounts. DAK what the current position is (and is this documented anywhere?), and if it is still barred, what is the best way forward?

Solved | 97K Views | 0 likes | 3 Comments

Is MFA included in Office 365 Exchange Online Plan 1?
I'm having a hard time finding out whether or not MFA functionality is included in O365 Exchange Online P1 for users logging in to the e-mail environment. If anybody knows, I'd also like to know where it's mentioned in official Microsoft Office 365 documentation.

Solved | 88K Views | 0 likes | 17 Comments

Why are Microsoft Data Centres logging in to my Office 365 accounts? Activity Alerts - BAV2ROPC
Hello, I have an activity alert set up to email me whenever a log in is detected from one of my 12 Office 365 email users. These emails contain the username logging in and the IP address the log in originated from. Until the end of 2019, all IP addresses were expected, either being that of the office, the Vodafone mobile network or the home addresses of the sales guys. In 2020, I have started getting log in alerts which, according to https://whatismyipaddress.com/, are from Microsoft Datacentres in Ireland, Holland and Austria, all with "Microsoft Corporation" as the ISP and sometimes with the same for the Organisation and sometimes with "Microsoft Azure", e.g. 40.101.88.221 (Amsterdam), 40.101.102.149 (Dublin). Worried about potential breaches, I contacted Microsoft Support (who by the way are always ON IT, thank you) who helped me find info in the audit log to say the User Agent is BAV2ROPC, which led me to this page https://www.reddit.com/r/Office365/comments/bl90gw/bav2ropc_user_agent_in_logs/ where someone's found it means "Business Apps v2 Resource Owner Password Credential", which is apparently the User Agent for an updated version of Outlook Mobile. I have a couple of questions / observations and wondered if anyone could shed any light on this.

1) My users don't know their passwords so it's highly unlikely they've been phished, so I don't think these are breaches.
2) My email account has triggered log ins from Microsoft IP addresses, and I have 2 factor authentication turned on where I receive a text message code to my mobile. I have not received texts in relation to these logins, so again I don't think it's a breach.
3) I don't use Microsoft Outlook on my mobile, so I don't think I'd be generating this BAV2ROPC user agent (but I am on the Activity Alerts).
4) If it was a device I was using causing this user agent, why aren't the Activity Alerts logging my IP address from my device's location?
5) My account is used to sign in programmatically in a piece of software I wrote, so that could explain it for my account, but I'm also getting alerts for users who only access their email on their Android phone on the built-in email app.
6) The frequency I'm receiving Activity Alerts from Microsoft IP addresses is increasing. I get a few a day now.

In summary, I don't think there's anything untoward going on, but as a responsible admin, I'd like to understand exactly what's occurring. Many thanks, Dave

81K Views | 4 likes | 28 Comments

Hardware tokens with modern authentication office 365
We are enabling Modern Authentication for our Office 365 users. Some of our users do not have company cell phones and they do not want to use their personal cellphones. Can we use hardware tokens for MFA if we do not have Azure MFA P1? Hardware tokens are a verification option for MFA. Any idea how to set this up? Thank you

56K Views | 0 likes | 2 Comments

Failed log on (Failure message: Account is locked because user tried to sign in too many times with
My company has been experiencing an attack from China IP addresses (random) for a while and I can't seem to block them. I'm getting these errors "Failed log on (Failure message: Account is locked because user tried to sign in too many times with an incorrect user ID or password)" every few days on a few of my privileged users. I've tried:

- Turning on Modern Authentication in Azure AD
- Enabled Block legacy authentication
- Turned off POP and IMAP access via Exchange admin
- Turned on MFA for the privileged users

The redacted (with *) source app connector data is below. I'm wondering if there is a way to block OrgIdWsTrust2:process or Unknown(CBAInPROD), or if there is something else I can block to stop this. Thanks for your help!

{
  "UserName": "",
  "MfaResult": null,
  "DeviceInfo": "Unknown(CBAInPROD)",
  "LoginErrorCode": 50053,
  "DeviceTrustType": "",
  "IsInteractive": false,
  "Call": "OrgIdWsTrust2:process",
  "LoginStatus": "Failure",
  "MfaMaskedDeviceId": null,
  "IpAddress": "182.38.105.229",
  "UserTenantId": "****",
  "EventType": "MCASLoginEvent",
  "IsInteractiveComputed": null,
  "ApplicationId": "***",
  "CorrelationId": "***",
  "ApplicationName": "Office 365",
  "SasStatus": null,
  "TimeStamp": "2019-07-02T01:11:36.4486831Z",
  "HomeTenantUserObjectId": "***",
  "MfaRequired": false,
  "RequestId": "***",
  "TenantId": "***",
  "MfaAuthMethod": null,
  "MfaStatusRaw": null,
  "IsDeviceCompliantAndManaged": false,
  "BrowserId": null,
  "UserTenantMsodsRegionScope": "NA",
  "DataSource": null,
  "UserPrincipalObjectID": "***",
  "Upn": "***",
  "MsodsTenantRegionScope": "NA"
}

43K Views | 1 like | 16 Comments

How to disable option to stay signed in
The option for users to choose to stay signed in to Office 365 is a potential security problem. We have MFA turned on, but if users stay signed in, another person may access the tenant if the computer is left unattended or is hacked. It was possible to turn this option off in Company Branding in AAD until the latest (preview) version of Company Branding was released. For some reason that feature is not available in the latest version. I assume I can revert to the previous version and then turn it off, but when doing that, I receive a warning that it may have negative consequences for SharePoint Online, but it doesn't say what those consequences are. So, my questions are:

1. Can I turn it off by reverting to the previous version of Company Branding, and what are the consequences?
2. Is it possible to achieve the same result in another way? PowerShell or Conditional Access maybe?

40K Views | 1 like | 4 Comments