Related issues have opened and closed and/or been worked-around via custom policies. But in adherence to Microsoft’s own sensible recommendation to stick w/ canned B2C User Flows…

Use Case: SaaS client wants to present end-users w/ a landing page that has 2 discreet panels.

• Panel 1: “New to Our Community? Register for Free!”

• Panel 2: “Already a Member? Sign in Here!”

That requires mutually exclusive end-user journeys. How is the combination of both sign-up and sign-in available out-of-the-box, but not separately? Yes, there are ways to hack this and I’m settling for the least bad one for now.

But we all see this Use Case everywhere and many of us need to support it.

The sign in prompts for Azure AD provide attackers the ability to perform account enumeration. They provide for the enumeration of both username and passwords.

When you enter a bad username you get a response of "The username may be incorrect. Enter a different one or create a new one".

This alerts an attacker that the username was incorrect. If they then put in a valid username, it then prompts for a password.

We are asking for this to be changed to provide a more generic response so that an attacker is not aware if there are entering proper credentials or not. For example, you enter your ID and them prompted for the password. After both are completed, you are given a prompt for an unsuccessful login.

Many organizations around the world are getting benefited from Microsoft Office 365 services. This cloud-based email solution has enabled businesses with the utmost productivity. Often the need arises for Office 365 to Office 365 migration. For this, essential Office 365 mailbox / documents need to be migrated. As Office 365 related processes are complex, most users do not know how to migrate mailbox from one Office 365 account to another one. This issue will be resolved now with EdbMails Office 365 mailboxes migration.

EdbMails Office 365 Migration has the ability to migrate emails, calendars, contacts, and tasks of one Office 365 account to another. Even if the data export is between different Office 365 domains, this application can perform it easily. Users can also select specific folders only to migrate as this tool allows Office 365 selective data transfer. In a nutshell, it is an ideal solution for Office 365 Mailbox Migration.

Some of the highlighted features are:

Migrates all items between Office 365 tenants
Exports data between different Office 365 Domains
Selective data migration using “Date Filter”
Incremental migration if you pause and resume migration between the same mailboxes.

Conclusion:
If you are looking for Office 365 mailbox migration, this is the right migration tool for you. This tool ensures smooth migration between Office 365 Mailboxes.

To Know More: https://www.edbmails.com/pages/office-365-migration-tool.html

When adding a new Microsoft Exchange account under Settings / Password & Accounts on an Apple iOS device to access O365, after authentication a consent page is displayed (see screenshot). This page is not clear to users, and we have seen cases where the device would be stuck on it (Continue or Cancel wouldn’t work)
Looking at AAD logs and after opening a case, we found out that this page is displayed because the redirect URI that the iOS device sends back to AAD is not in the “Safe List” (http://, https://, msauth:// (iOS only), msauthv2:// (iOS only) and chrome-extension:// (desktop Chrome browser only)), which triggers an event “Confirm My Sign-In” event
(AADSTS50199: CmsiInterrupt)
We would like that the Redirect URI that corresponds to the Apple Device (com.apple.Preferences://) is added to the Safe List, so that the sign-in confirmation is not displayed anymore. In the AAD back-end this application is Apple Internet Accounts or iOS account, with application ID f8d98a96-0999-43f5-8af3-69971c7bb423.

its a pain in the , and as a grown adult I should be able to allow to steal my identity if I want.
Its a of a thing for me to have to double sign in literally every time I want to access something!?
I despise that other are too stupid to realise how easy it is to NOT use microsoft products, would be a great world if you lot just upped and died.
Edit Even that ? dead if you * put half your brain power into making the world a better place instead of putting more ** online this place would be a delight instead of a cesspool of circlejerking dumbcunts.

Currently, if you have a domain with a non-routable domain name (i.e. "company.local"), and use an alternate UPN, support for seamless SSO is limited.

It works in web browsers if you pass a domain hint, but it doesn't in native applications such as Excel or Teams. This leads to limited user experience if they keep having to manually log on to their applications.

Some companies are not able to change their on-premise domain name due to dependancies from other applications.

If this feature could be modified so that seamless SSO fully works with non-routable domain names, user experience would be improved.

The OpenID Connect implementation of Azure AD is not compliant with the spec and should be fixed. If the RP requests the email or profile scopes and the user gives permission, the id token must include an email claim.

It appears that for some users, even if you add the optional claims for email, you do not get an email claim back. This is unacceptable. There is only one email address that any OIDC login would expect to get back and that is the email address they have just used to login, since that is the authenticated identity.

The fact that this doesn't work is another case of Microsoft going off-piste and making everyone's life harder. OpenID intended the spec to avoid non-standard implementations and you have gone and done this for no obvious reason.