Microsoft Azure Access and App registrations
I have added an online app to Microsoft Azure as a registered app with all the appropriate permissions (which were supplied by the company that hosts the app)
MFA is enabled for all users and is working as expected - using the Microsoft Authenticator app
The online application (access Profile) has MFA enabled and the application opens when users log in with their Microsoft credentials
When users try to log into the Microsoft 365 Portal using a browser (Edge/Chrome), they get the error message in the image attached below
The same error message is shown when they try to link their email accounts from the app to the online Exchange EWS
I have checked the 365 portal and cannot see where this error is coming from - it looks like a compliance issue but I just cannot see where this is being pulled from
The MFA settings are also set to allow access to the 365 portal from dedicated IP addresses
The machines are joined to the MS 365 Intune portal
Please DO NOT send me Google links as I have probably seen most of them
I need advice from someone who has actually come across this and solved it
ASKER
I have the Azure Security Defaults enabled at present
Can I edit these and if so, where?
Or should I disable them and create a separate MFA policy?
To be clear, is Euro London Appointments your organisation or the organisation that hosts the app?
ASKER
My organisation
The Azure portal is being accessed from a remote source which is trying to access Exchange on my tenant
I have registered the app being used with the correct permissions
On your Entra sign-in log, can you paste the error message you are facing?
How can you have security defaults and MFA at the same time? You can only have one at a time.
When you say "remote source", do you mean an external user, or a user that is located remotely?
Can you also use incognito/private mode to open this?
Also, try to go to the enterprise apps and see the sign-in log accordingly.
You should have a status of fail that says it cannot sign in.
From there, under basic information, it should say something about the error.
Also try to use a different user, for example yourself, to test that first.
ASKER
On your Entra sign-in log, can you paste the error message you are facing?
There is a lot of info on the error message. What exactly am I looking for ?
How can you have security defaults and MFA at the same time? You can only have one at a time.
I assumed that security defaults activate MFA as well
If not, what exactly is enabled?
I can disable them and just use the MFA policy
When you say "remote source", do you mean an external user, or a user that is located remotely?
The remote application. The user logs into that and tries to gain access to the Exchange account on my tenant
Can you also use incognito/private mode to open this?
No change
Also, try to go to the enterprise apps and see the sign-in log accordingly.
You should have a status of fail that says it cannot sign in.
From there, under basic information, it should say something about the error.
-------------------------------
- Launch the Sign-in Diagnostic.
- Review the diagnosis and act on suggested fixes.
--------------------------------------------------------------------------------
Also try to use a different user, for example yourself, to test that first.
No change
You have a Conditional Access policy that limits your device from logging in,
or your application does not support "device-based" authentication or is not able to read your device information.
Go to your sign-in history and click on the Conditional Access tab; you will see which rule is stopping you from accessing it.
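
The check suggested in the last reply can also be run offline over an exported sign-in log. The following is an added example, not part of the thread: it assumes the export is a JSON array whose entries use the Microsoft Graph signIn field names, and every record in the sample is constructed.

```python
import json

# Constructed sample shaped like an Entra sign-in log JSON export. Field names
# follow the Microsoft Graph signIn resource; every value here is made up.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "user1@example.com", "appDisplayName": "Office 365 Exchange Online",
     "status": {"errorCode": 0, "failureReason": ""},
     "deviceDetail": {"isCompliant": True, "isManaged": True},
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require MFA (constructed)", "result": "success",
          "enforcedGrantControls": ["Mfa"]}]},
    {"userPrincipalName": "user2@example.com", "appDisplayName": "Hosted app (constructed)",
     "status": {"errorCode": 53000, "failureReason": "Device is not compliant (constructed)"},
     "deviceDetail": {"isCompliant": False, "isManaged": False},
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require MFA (constructed)", "result": "success",
          "enforcedGrantControls": ["Mfa"]},
         {"displayName": "Require compliant device (constructed)", "result": "failure",
          "enforcedGrantControls": ["RequireCompliantDevice"]}]},
    {"userPrincipalName": "user3@example.com", "appDisplayName": "Office 365 Exchange Online",
     "status": {"errorCode": 50126, "failureReason": "Invalid credentials (constructed)"},
     "deviceDetail": {},
     "appliedConditionalAccessPolicies": []},
])


def blocking_policies(export_text):
    """For each failed sign-in, list the Conditional Access policies that failed."""
    findings = []
    for entry in json.loads(export_text):
        status = entry.get("status") or {}
        if status.get("errorCode", 0) == 0:
            continue  # sign-in succeeded, nothing to explain
        failed = [p for p in entry.get("appliedConditionalAccessPolicies") or []
                  if p.get("result") == "failure"]
        device = entry.get("deviceDetail") or {}
        findings.append({
            "user": entry.get("userPrincipalName"),
            "app": entry.get("appDisplayName"),
            "error": status.get("errorCode"),
            "reason": status.get("failureReason"),
            "policies": [(p.get("displayName"), p.get("enforcedGrantControls") or [])
                         for p in failed],
            "device_compliant": device.get("isCompliant"),
        })
    return findings


if __name__ == "__main__":
    for f in blocking_policies(SAMPLE_EXPORT):
        # An empty "policies" list means Conditional Access did not cause the failure.
        print(json.dumps(f))
```

A failed sign-in with an empty policy list (the third constructed record) points away from Conditional Access and toward the credentials or the app itself.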