Azure AD Security Defaults not prompting users to download Authenticator App - security

I have turned on Security Defaults in Azure AD, but users are not being prompted to download the Authenticator App.

This was an issue with GoDaddy, who I bought the Microsoft 365 subscription plan through. If you have bought Microsoft 365 through GoDaddy, and you want to enable multi-factor authentication, you need to follow these steps:
https://www.godaddy.com/community/Managing-Email/Multi-factor-Authentication-for-Office-365/m-p/125465#M11230

Related

Authentication issues when trying to register new app in Azure Active Directory

I want to access the Outlook API with a Python application. I followed this guide but quickly ran into authentication issues. Tried it with my existing private Microsoft account and with a newly created account, but ran into authentication issues quickly. Whenever I try to do anything in the portal, I get this message:
Already checked in with the general Microsoft support. They directed me towards Azure support, but I can't reach anybody there.
I tried to reproduce the same in my environment and got the same error as below:
The error usually occurs if the Microsoft personal account is not added as an external/guest user to an Azure AD tenant.
To resolve the error, contact the Global admin to invite the account as a guest user like below:
Once the admin invites, you will get an email notification to accept the invitation like below:
After accepting the invite, the Personal Microsoft account will be added to the tenant successfully like below:
And now you will be able to access the Azure Portal without any issue and you can also create your own tenant to have admin access.
If the issue still persists, try the following:
Sign out from the active session and sign in using an incognito window or a different browser.
Clear the browser cache and cookies and try again.
Confirm whether the admin has set any External user settings that are restricting the access:
Reference:
Error AADSTS50020 - User account from identity provider does not exist in tenant - Active Directory
When looking into the Build Python apps with Microsoft Graph tutorial that you followed, one of the prerequisites mentioned signing up for the Microsoft 365 Developer Program to get a free Microsoft 365 subscription. After you sign up, you'll need to use the Microsoft 365 developer sandbox credentials in order to continue following the tutorial without having to leverage your own Azure AD tenant or subscription (pay-as-you-go).
Build Python apps with Microsoft Graph:
Join the Microsoft 365 Developer Program
Deploy the Developer Sandbox
Using the Microsoft 365 Developer subscription(s) info you'll be able to login to the Azure Portal or Azure Active Directory admin center.
Note: You can navigate to your developer tenant using - https://aad.portal.azure.com/<<SandboxTenantName>>.onmicrosoft.com, or when prompted to sign in use your sandbox's admin account.
If you only signed up for a new personal Microsoft account (Outlook), you'll notice that once you sign into the Azure AD Admin Center, your Outlook.com user isn't associated with any Azure tenants, and you'll run into the authentication issue error message that you referenced, so you'll have to create your own Azure AD tenant by signing up for an Azure Free Trial or Pay-as-you-go.
I hope this helps!

Android phone MFA for Azure

How to use an Android phone as a virtual MFA device for the Azure portal login prompt?
https://learn.microsoft.com/en-in/azure/multi-factor-authentication/multi-factor-authentication
I see there is an option to use a smartphone in that tutorial, but not much on how to use it.
Also, in this link https://learn.microsoft.com/en-us/azure/multi-factor-authentication/end-user/microsoft-authenticator-app-how-to , I can't find such options in the Azure dashboard.
Thanks in advance
Do you want to enable MFA for your Azure account and install the app on your Android phone?
If I understand it correctly, we can log in to your Azure portal and select Multi-Factor Authentication, like this screenshot:
For more information about enabling MFA for an Azure AD account, please refer to this article.
After MFA is enabled, we should log in to https://myapps.microsoft.com, select the profile, then select Additional security verification, like this:
On that page, you will find the configuration settings:
After that, we can use the Microsoft Authenticator app on your Android device.
Update:
Update2:
If your first account is a Microsoft account, we can't enable MFA in the Azure portal, because Microsoft account MFA is different from Azure AD MFA. For Microsoft account MFA, we can follow this article to enable it.

Cannot enable MFA on Azure Microsoft accounts

I'm trying to enable Multi-Factor Authentication on my Azure account (to secure my access to the Azure portal). I am following the tutorial from here, but, unlike this picture:
I have no Enable button when I select my user:
I've tried to send a CSV bulk request with only my user (the email address), but it says user does not exists.
I am trying to add MFA on the user william@[something].com when I'm logged in with the william@[something].com MS account (I am the only user, and I'm global administrator).
In the MFA management page, you can only manage/enable MFA for your own Microsoft Azure AD accounts, including accounts created in Azure AD or synced from your on-premises AD; not any Microsoft account or accounts from another Microsoft Azure AD. As you said you're using an MS account, you surely can't see the Enable button.
In Azure Classic Portal, you can easily see if it's a Microsoft account or a Microsoft Azure Active Directory account:
If you want to enable this for your Microsoft account, you need to use the Microsoft service here, sign in and then click Set up two-step verification.
Follow the steps afterwards, and you'll enable Two-step Verification for your Microsoft account.
Of course you can create a new account in your Microsoft Azure Active Directory (Type of User is: New user in your organization), then you can enable MFA for this new user. If you would like a Global Admin, you can click this user and assign the user the Global Admin role. Then later you can use this admin account for your management work.

Azure Mobile App authentication only with Azure AD but Windows Account can also login?

Why, after setting up my Mobile App authentication with Azure AD only, does the authentication popup window allow not only my company account but also public Windows accounts like @outlook.com to be authenticated?
I followed this official procedure and I did check that Microsoft Account authentication is "Not Configured."
It's very weird.
Thanks for your answer.
This is probably because the @outlook.com account you are testing with is also a guest member of your Azure AD tenant. Try using a new @outlook.com account or one owned by a friend who has no connections to your organization to verify.
You can configure multiple authentication providers in your Azure App Service, and they need to be configured manually. The post you provided guides you through configuring AAD for your Azure App Service. To configure the Microsoft Account provider, you can refer to https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-microsoft-authentication/.
Additionally, you can set the default authentication provider as the image:
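And as per your requirement, you can manually choose the authentication provider in your client code, e.g. in a Cordova sample:
var client = new WindowsAzure.MobileServiceClient("<mobile_app_url>");
// Sign in with Azure AD
client.login('aad').then(function () {
    // ... signed in with an Azure AD account
}, function (error) {
    // ... handle the login failure
});
// Sign in with a Microsoft account
client.login('microsoftaccount').then(function () {
    // ... signed in with a Microsoft account
}, function (error) {
    // ... handle the login failure
});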
Any further concern, please feel free to let me know.
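As an added example (not code from either answer above): a server-side check that tells a home-tenant member apart from a guest such as an invited @outlook.com account, using the `tid`, `iss` and `idp` claims of an Azure AD token. It assumes the token's signature, audience and expiry were already validated; `classifySignIn`, `tenantFromUri` and the sample tenant IDs are constructed for illustration.

```javascript
// Added example: classify a sign-in from already-verified token claims.
// Assumption: signature, audience and expiry were validated upstream.

// Tenant ID Microsoft uses for personal (consumer) Microsoft accounts.
const MSA_TENANT_ID = '9188040d-6c67-4c5b-b112-36a304b66dad';

// Pull the tenant GUID out of an issuer-style URI, or return null.
function tenantFromUri(uri) {
  const m = /([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})/i.exec(uri || '');
  return m ? m[1].toLowerCase() : null;
}

// Returns { allowed, reason } for a decoded claims object.
function classifySignIn(claims, homeTenantId) {
  const home = homeTenantId.toLowerCase();
  if ((claims.tid || '').toLowerCase() !== home) {
    return { allowed: false, reason: 'token issued by another tenant' };
  }
  // idp is absent for accounts homed in the issuing tenant; fall back to iss.
  const idp = claims.idp || claims.iss || '';
  if (idp === 'live.com' || tenantFromUri(idp) === MSA_TENANT_ID) {
    return { allowed: false, reason: 'guest: personal Microsoft account' };
  }
  if (tenantFromUri(idp) !== home) {
    return { allowed: false, reason: 'guest: external identity provider' };
  }
  return { allowed: true, reason: 'member of home tenant' };
}

// Constructed sample claims (placeholder tenant IDs, not real tokens).
const HOME = '11111111-2222-3333-4444-555555555555';
const OTHER = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee';
const ISS = 'https://sts.windows.net/' + HOME + '/';
const samples = {
  employee: { tid: HOME, iss: ISS, upn: 'alice@contoso.example' },
  msaGuest: { tid: HOME, iss: ISS, idp: 'live.com', email: 'bob@outlook.com' },
  b2bGuest: { tid: HOME, iss: ISS, idp: 'https://sts.windows.net/' + OTHER + '/' },
  otherTenant: { tid: OTHER, iss: 'https://sts.windows.net/' + OTHER + '/' },
};

for (const [name, claims] of Object.entries(samples)) {
  console.log(name, classifySignIn(claims, HOME));
}
```

A guest account passes tenant-only checks because its token is issued by the home tenant; the `idp` claim is what distinguishes it.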

Office 365 Add-in with Oauth2 Authentication

I am making an Office 365 add-in for Outlook web and SharePoint. As per the documentation, I need a developer account to register my add-in. The developer account for a company is $99.
I also wanted to authenticate the user using his Office 365 subscription. The documentation says that an Azure account is needed for Office 365 authentication, in which the app will be registered. The Azure account is $99 for a company.
Now my question is: as I have to register the Office 365 add-in and also enable authentication, do I need to buy both accounts, each for $99, which costs $198? Or does only one account serve my purpose? It would be really helpful if anyone having experience with Office add-ins could suggest some good resource to do this.
After you have the Office 365 developer account, you don't have to buy the Azure subscription to register the app in Azure Active Directory, because the Office 365 account already has a free subscription to Azure Active Directory.
To activate this subscription and access the Azure management portal, you have to complete a one-time registration process. Afterward, you can access Azure AD from your Microsoft service that uses it (refer here for details).
It is also recommended that you register the app through the Application Registration Portal at http://apps.dev.microsoft.com/ since it supports 'V2', which allows developers to write apps that accept sign-in from both Microsoft Accounts and Azure AD accounts, using a single auth endpoint (the V2 endpoint).
