
QA

 Q: A newly joined employee is trying to log in to Office 365 on the web, and it asks for an authentication code that has not been set up yet. How do you resolve this issue as a system admin?

Ans: The prompt is most likely for Multi-Factor Authentication (MFA) that is enabled on the account in Office 365 (Microsoft 365) but has not been set up yet. As a system admin, you can resolve it with the following steps:

  1. Verify the User’s Account in Microsoft 365 Admin Center:
    • Log in to the Microsoft 365 Admin Center (admin.microsoft.com) with your admin credentials.
    • Navigate to Users > Active Users and locate the employee’s account.
    • Ensure the account is properly created, licensed (e.g., assigned an Office 365 license), and active.
  2. Check MFA Status:
    • In the Microsoft 365 Admin Center, go to Users > Active Users, select the employee’s account, and click Manage multifactor authentication (or navigate to Azure AD > Security > Multifactor authentication).
    • Check if MFA is enabled for the user. If it’s enabled but not configured, the user will be prompted for an authentication code they can’t provide.
  3. Reset or Configure MFA for the User:
    • If MFA is enabled but not set up:
      • Select the user in the MFA portal and click Disable to temporarily turn off MFA, allowing the user to log in without the authentication code. While MFA is off, the account is protected by its password alone.
      • Alternatively, guide the user to set up MFA:
        • Ask them to go to https://aka.ms/mfasetup after signing in (they may need to use an alternate sign-in method, like a temporary access pass, if prompted for MFA).
        • Follow the prompts to set up MFA (e.g., Microsoft Authenticator app, phone number for SMS, etc.).
    • If MFA is not required for the user, you can leave it disabled or configure it later.
  4. Use a Temporary Access Pass (if applicable):
    • If MFA is enforced and the user can’t sign in, you can generate a Temporary Access Pass (TAP):
      • In Azure AD, go to Users > All Users, select the employee, and under Authentication methods, choose Add authentication method > Temporary Access Pass.
      • Generate a one-time or time-limited pass and share it securely with the employee.
      • The employee uses this pass to sign in and set up their MFA method.
  5. Check Conditional Access Policies:
    • In the Azure AD portal (portal.azure.com), go to Security > Conditional Access.
    • Verify if any policies are enforcing MFA for all users or specific conditions (e.g., new users, specific apps like Office 365).
    • If needed, temporarily exclude the user from the policy (add them to an exclusion group) until MFA is configured.
  6. Assist the User with Initial Sign-In:
    • If MFA is disabled or bypassed, ask the user to sign in to https://www.office.com using their credentials (e.g., username@domain.com and password).
    • If they encounter issues, ensure their password is correct or reset it:
      • In the Microsoft 365 Admin Center, select the user, click Reset password, and provide them with a temporary password.
      • Ask them to sign in and change the password when prompted.
  7. Set Up MFA Properly (if required):
    • Once the user can sign in, guide them to configure MFA:
      • Direct them to https://aka.ms/mfasetup.
      • They can choose to use the Microsoft Authenticator app, SMS, or a phone call for authentication.
      • Ensure they complete the setup and test it by signing out and back in.
  8. Troubleshoot Common Issues:
    • Incorrect Credentials: Verify the user is using the correct email and password.
    • License Issue: Ensure the user has a valid Microsoft 365 license assigned.
    • Browser Issues: Ask the user to clear their browser cache or try a different browser/incognito mode.
    • Network Restrictions: Check if conditional access policies or network firewalls are blocking access.
  9. Communicate with the User:
    • Provide clear instructions on next steps (e.g., using a temporary access pass, setting up MFA, or contacting you for further assistance).
    • Share any temporary credentials securely (e.g., via a secure channel, not plain email).
  10. Prevent Future Issues:
    • Ensure new user onboarding includes MFA setup instructions.
    • Consider automating MFA registration using Azure AD’s security defaults or conditional access policies.
    • Train users on using the Microsoft Authenticator app or other MFA methods.
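
An added example (not part of the original answer) of steps 2 to 4 done with the Microsoft Graph PowerShell SDK: it checks whether the account has any registered MFA method and, only if it has none, issues a one-time Temporary Access Pass so MFA can stay enabled. The function names, the UPN and the 60-minute lifetime are assumptions, and the sample object is constructed.

```powershell
# Added example. The live call needs the Microsoft.Graph.Identity.SignIns module;
# the classification function also runs offline on the constructed sample below.

# Method types that do not satisfy an MFA prompt: every account has a password
# entry, e-mail is used for self-service password reset only, and a Temporary
# Access Pass is not a permanent factor.
$NotMfa = '#microsoft.graph.passwordAuthenticationMethod',
          '#microsoft.graph.emailAuthenticationMethod',
          '#microsoft.graph.temporaryAccessPassAuthenticationMethod'

function Get-RegisteredMfaMethod {
    # Hypothetical helper: keeps only the methods that count as MFA.
    param([object[]]$Method)
    $Method | Where-Object {
        $_ -and $_.AdditionalProperties['@odata.type'] -notin $NotMfa
    }
}

function New-OnboardingPass {
    # Hypothetical helper. Assumes Connect-MgGraph was run with the scope
    # 'UserAuthenticationMethod.ReadWrite.All' and that the tenant's
    # authentication methods policy has Temporary Access Pass enabled.
    param([Parameter(Mandatory)][string]$UserId, [int]$LifetimeMinutes = 60)

    $found = @(Get-RegisteredMfaMethod (Get-MgUserAuthenticationMethod -UserId $UserId))
    if ($found.Count -gt 0) {
        Write-Warning "$UserId already has $($found.Count) MFA method(s); no pass issued."
        return
    }
    # One-time pass: it stops working after the first successful sign-in.
    New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserId -BodyParameter @{
        isUsableOnce      = $true
        lifetimeInMinutes = $LifetimeMinutes
    } | Select-Object TemporaryAccessPass, LifetimeInMinutes, IsUsableOnce
}

# Constructed sample: a new account that has nothing but its password.
$sample = @([pscustomobject]@{
    Id                   = '00000000-0000-0000-0000-000000000000'
    AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.passwordAuthenticationMethod' }
})
"MFA methods registered in sample: $(@(Get-RegisteredMfaMethod $sample).Count)"

# Live use after Connect-MgGraph (constructed UPN):
# New-OnboardingPass -UserId 'new.hire@contoso.example'
```

The pass value is returned only once at creation, so hand it to the employee over the secure channel mentioned in step 9.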
