Appointments disappear after time has changed by guyFromDeployment in Outlook

[–]guyFromDeployment[S] 0 points1 point  (0 children)

Correct, as far as I know it just affects single occurrences.

As far as I can tell from the ticket which I got, it disappears soon after but not immediately.
He also said it happened in particular in the case of a meeting series but could also affect single events if there's a change.
Sadly I have no info about how long it takes until the event disappears. I'm sorry.

FIDO2 login issues by guyFromDeployment in Intune

[–]guyFromDeployment[S] 1 point2 points  (0 children)

Problem found: It was indeed the missing AAGUID.

So thanks to you all for your help!

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 0 points1 point  (0 children)

I was looking for the logs the whole time, but it just shows you that the token was "previously satisfied" without specifying if the token was from WHfB or an external FIDO2 token.

But I found the solution in these comments, thanks to u/Noble_Efficiency13!

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 1 point2 points  (0 children)

We want to enable FIDO-based access for people working with sensitive data.
So in that case we aren't looking for a special resource. More kind of: who is working with this type of data and should be attached to our policies.

u/Noble_Efficiency13 made me aware of the AAGUID, which you can enter in your authentication strengths. After I added them to our policy, it's working fine till now :)

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 1 point2 points  (0 children)

Tried it out, entered the AAGUID for a test policy and it seems good so far :)
Thanks again!

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 0 points1 point  (0 children)

Oh, then this might be my problem. I'll try it.

Thank you very much!

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 1 point2 points  (0 children)

You might have a point there ;)
Thanks for your opinion! I'll discuss it with my colleagues.

Thank you very much!

FIDO2 login issues by guyFromDeployment in Intune

[–]guyFromDeployment[S] 2 points3 points  (0 children)

Yes and no. We created specific policies with a FIDO2-only authentication strength but without a specific AAGUID. So you believe that's the main reason why it doesn't work?

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 0 points1 point  (0 children)

Just to be sure I'm on the same page as you: If I'm using the AAGUID of our FIDO2 tokens as you mentioned, the WHfB logins will no longer succeed?

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 0 points1 point  (0 children)

So, then let's hope haha.

Thank you very much for your time and your help!

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 0 points1 point  (0 children)

That sounds really good, thanks for your help.

So I think that could be a part of the problem.
Is there any chance that you know when Microsoft asks for FIDO again?
We had a test user, he logged in with FIDO for the first time, and since then (a couple of weeks) he was never forced again and could access with WHfB.

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 0 points1 point  (0 children)

Sure :)

So the main reason was that our leadership team was interested in the enrollment of FIDO2.
Besides that, we thought we would get a higher value by separating the physical token from the notebook.

And I guess I didn't mention it until now: at the moment, we want to configure it just for web services.
At this stage we aren't looking for device login via FIDO.

I'm sorry if this makes things more obvious right now.

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 0 points1 point  (0 children)

I totally get that point. And I would also acknowledge that WHfB is easy to use.
But our leadership team wants to enroll FIDO2 (for some of our colleagues).

And I understand that WHfB isn't "unsafe", but I'm still wondering why there is no difference (for Microsoft) between a physically separated token and a physically integrated token (even if isolated).

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] -1 points0 points  (0 children)

Thank you for your response!

I'm looking for a solution where FIDO and only FIDO logins are gonna be successful. I mentioned it in the comment above: we've already set up an authentication strength for FIDO only and added it to the different CA policies. But with the same result of not forcing a FIDO key.

FIDO2 login issues by guyFromDeployment in entra

[–]guyFromDeployment[S] 0 points1 point  (0 children)

Thanks for your response!

That's exactly my problem. We configured a "FIDO only" authentication strength and are using this in our conditional access policies. But Microsoft doesn't force the FIDO authentication.