multi factor authentication

Microsoft Authenticator app sign-in method types for Microsoft 365 account | Office 365

priyeshwagh777 Office 365 Administration , , , , , ,

In case you are setting Authenticator app for accessing your Office 365 account, you have 2 options of authenticating using the Authenticator App from you phone – Notification based and Code based. And see how you can change the preferred method to either of these types!

Notification Based

Here’s how the notification based authentication works –

  1. When you enter your username and password, you’ll see this on your browser intimating that the Approval request has been sent to your phone.

  2. On the phone, you’ll receive the below

  3. And upon opening the notification, the Microsoft Authenticator App will be opened and the permission to Approve or Deny the authentication request for your account will pop-up.

  4. Once you click on Approve, you’ll be able to login.

Code Based

And when Code based method is selected, you’ll see the below –

  1. On the browser when you enter your username and password, you’ll see the below waiting for you to refer to the Authenticator App and enter the same from your phone.



  2. Once you open the Authenticator App and open the Account which you are trying to log in, you’ll see a code in bold letters which refreshes after a time frame.

  3. Once you enter this code, you’ll be able to log in.

Changing the Authentication Method

Here’s how you can change the type of authentication method when you log into your Office 365 –

  1. Navigate to the menu on the top right.

  2. Now, on the left hand side, look for Security Info.

  3. You can then see the different authentication methods you’ve entered like phone, authenticator app etc.
    For simplicity, I only have 1 entered i.e. Authenticator App [Microsoft Authenticator].

    And now, since Microsoft Authenticator is set as the default method, I’ll also get an option to change the type of authentication set.

  4. I’ll get two options –
    “App based authentication – notification” – This will show a pop-up on the phone in the form of a notification which you can choose to Approve or Deny.
    “App based authentication or hardware token – code” – This will need you to open the Microsoft Authenticator Apps in your phone and then look for the code in the account and enter it when asked as seen in this post above.

  5. So, you can select the other method apart from the one you have selected and you should be good to go.


Hope this helps!

Here are some Power Automate posts you want to check out –

  1. Select the item based on a key value using Filter Array in Power Automate
  2. Select values from an array using Select action in a Power Automate Flow
  3. Blocking Attachment Extensions in Dynamics 365 CRM
  4. Upgrade Dataverse for Teams Environment to Dataverse Environment
  5. Showing Sandbox or Non Production Apps in Power App mobile app
  6. Create a Power Apps Per User Plan Trial | Dataverse environment
  7. Install On-Premise Gateway from Power Automate or Power Apps | Power Platform
  8. Co-presence in Power Automate | Multiple users working on a Flow
  9. Search Rows (preview) Action in Dataverse connector in a Flow | Power Automate
  10. Suppress Workflow Header Information while sending back HTTP Response in a Flow | Power Automate
  11. Call a Flow from Canvas Power App and get back response | Power Platform\
  12. FetchXML Aggregation in a Flow using CDS (Current Environment) connector | Power Automate
  13. Parsing Outputs of a List Rows action using Parse JSON in a Flow | Common Data Service (CE) connector
  14. Asynchronous HTTP Response from a Flow | Power Automate
  15. Validate JSON Schema for HTTP Request trigger in a Flow and send Response | Power Automate
  16. Converting JSON to XML and XML to JSON in a Flow | Power Automate

Thank you!

Advertisement

Delete App Passwords created by other users in Office 365 | Multi-factor authentication

priyeshwagh777 Microsoft Azure , , , ,

Now, let’s say you have enabled your users to create their own App Passwords to use in non-browser applications. But, you want to clear the same for a particular user citing there are some security concerns and they needs to be cleared before you start fresh for that user.

Here’s how you can delete App Passwords created for a selected User. Example: Priyesh is a user who has created an App Password since MFA is enforced.

Office 365 Admin Center

In Office 365 Admin Center, go to Users

  1. Once you see all the Active Users, you can simply click on Multi-factor Authentication


  2. Now, you’ll be able to see all the users who use MFA and if they have been enforced and hence, must’ve created their App Passwords. (Only Enforced Users can create app passwords – Allow users to create App Passwords in Office 365 | Multi-factor Authentication)
    Now, let’s select Priyesh’s user settings by selecting the user and then going to Manage User Settings.


  3. In manage Settings for this user, you’ll see the option ‘Delete all existing app passwords generated by the selected user


    Select the same and then Save.

  4. Now, if Priyesh checked the App Passwords / Sign-In (https://mysignins.microsoft.com/security-info), the App Password would be gone!

Hope this was useful! Here are some more Azure / O365 posts you might want to check –

  1. Allow users to create App Passwords in Office 365 | Multi-factor Authentication
  2. Office 365 Outlook connector in Cloud Flows showing Invalid Connection error | Power Automate
  3. Import multiple Users in Office 365
  4. Office 365 Admin: Quickly Enable Multi-factor authentication for users
  5. Connecting XrmToolBox to an MFA enabled Dynamics 365 environment | Azure AD
  6. Log Canvas Power App telemetry data in Azure Application Insights | Power Apps
  7. Retrieve Metadata of Global OptionSets from Dynamics 365 in Power Automate | HTTP with Azure AD action
  8. Office 365 Admin: Quickly Enable Multi-factor authentication for users

Thank you!

Allow users to create App Passwords in Office 365 | Multi-factor Authentication

priyeshwagh777 CRM with .NET Web Applications , , , ,

If you are an Admin User who wish to create App Passwords so that you can use them in your code/web applications so that you don’t have to store credentials in your application? Example: Azure Function you are developing shouldn’t store the password of the User.

At times, you must’ve noticed that why you can’t create App Passwords even when you are having MFA enabled for yourself!

Here’s why –

Scenario

Let’s say the users are logged in and they go to their Office 365 Account where they can add multiple Authentication Methods. Shortcut for that is https://mysignins.microsoft.com/security-info

  1. Once they are in Security Info in order to add new method of Authentication as below

  2. And they don’t get to create an App Password by default.


    Let’s enable users to be able to create their own App Passwords from Azure Portal.

Enforce Users to use MFA

Let’s say the Conditional Access above is already set. Now, you need to enforce users to use MFA.

  1. In O365, go to the User in Active User whom you want to allow creation of Azure App Passwords.

    Select the user and click on Multi-factor Authentication.

  2. Now, in the multi-factor authentication page, you’ll see the users as whether they are using MFA or not.
    As you see below, CRM Admin is Enabled for Multi-Factor Authentication, but not Enforced.

    So, you have to click on Enfore button to enforce the MFA.



  3. Now, when you click on Eforce, you’ll see the below message


  4. After enforcing, you’ll get a success message as below.


  5. Once enforced, you’ll see the below status is updated on whoever this is enforced on.




Create App Passwords from My Sign-ins page

Now that we have enforced the User to use MFA, here’s how you can create App Passwords

  1. As shown in the beginning, try to Add a new method


  2. This time, you’ll be able to see App Passwords as an option to select. Select it and click on Add




  3. Next, you can give a name to the App Password you are setting. You can give it a suitable name keeping in mind the purpose of the App Password you are creating.



    I’ll just give a sample name here since I want to use it in Azure Functions which I’m working on.


  4. And once it is created in a few moments, make sure you copy it before clicking on Done. Else, you can’t retrieve this later and it will be created without you noting it down.


  5. And it’ll be listed among other authentication methods

Additionally, it is recommended to also review setting up Conditional Access policies too while setting up Azure AD Multi-Factor Authentication – https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa?WT.mc_id=DX-MVP-5003911

Hope this was helpful! Here are some more D365 posts which you might be interested in –

  1. Filter records in a View owned by a Team you are a member of | Dynamics 365 CRM
  2. Get GUID of the current View in Dynamics 365 CRM JS from ribbon button | Ribbon Workbench
  3. Dynamics 365 App For Outlook missing on SiteMap in CRM? Use shortcut link [Quick Tip]
  4. Import lookup referencing records together in Dynamics 365 CRM | [Linking related entity data during Excel Import]
  5. Mailbox Alerts Hide/Show behavior in Dynamics 365 CRM
  6. Excel Importing Notes (Annotation) entity in Dynamics 365 CRM
  7. Enable/Disable the need to Approve Email for Mailboxes in Dynamics 365 CRM CE
  8. Call Azure Function from Dynamics 365 CRM using Webhooks
  9. Show Ribbon button only on record selection in Dynamics CRM
  10. Accessing multiple occurrences of a field in Business Process Flow using JS in D365 CRM

Thank you!!