Category: SSO
-
Entra ID Account Recovery End To End (or How To Prove Who You Really Are When Recovering Your Identity in Microsoft 365)
Microsoft Entra ID account recovery is a new end-to-end way to prove your identity when you’ve lost access and standard sign-in methods no longer work. Instead of relying only on passwords or helpdesk intervention, the process uses stronger identity verification, such as document checks and live facial verification, to confirm that you are really the…
-
Azure AD Single Sign-On Basic Auth Popup
When configuring Azure AD SSO as part of Pass-Through Authentication (PTA) or with Password Hash Authentication (PHA) you need now (since March 2018) to only configure a single URL in the Intranet Zone in Windows. That URL is https://autologon.microsoftazuread-sso.com and this can be rolled out as a registry preference via Group Policy. Before March 2018…
-
Azure AD SSO and Disabled Computer Accounts
When you set up Azure AD SSO, the Azure AD Connect application creates a computer account called AZUREADSSOACC. Do not disable this account, or SSO stops working. I’ve had a few clients in the past week disable this when generally disabling all the computer accounts that have not logged in for X days. Therefore if…