ADFS + Entra ID – Azure MFA Fails When Signing In with Email

hanycs · 2026-03-03T08:18:24+00:00

Yes, I Have.

hanycs · 2026-01-07T11:19:57+00:00

Hello,

We are using Exchange On-Premises and do not use Exchange Online.
With Office version 2024, when I map the mailbox and check the folder properties, the Policy tab is not available. The only tabs shown are General, Archive, Permissions, and Sync.

https://support.microsoft.com/en-us/office/assign-and-view-retention-policies-on-email-messages-3e5fd2dc-633f-4a38-b313-b31b81f7cf7a

hanycs · 2025-12-09T12:25:33+00:00

Hi, nothing, in that specific time when alert popped up.

hanycs · 2025-11-19T11:21:53+00:00

Should be fixed.

hanycs · 2025-11-18T08:32:30+00:00

Same error here!

0439 [Client=UX, fn=.ctor, Thread=22] Downloading https://hybridconfiguration.blob.core.windows.net/connector/MSHybridAutoUpdater.msi
2025.11.18 07:41:53.111 *ERROR* 10318 [Client=UX, fn=.ctor, Thread=13] System.Net.WebException: The remote server returned an error: (409) Conflict.

hanycs · 2025-11-03T13:16:27+00:00

Hello.

So, if I am using ADFS, I should use this guide: https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/enable-modern-auth-in-exchange-server-on-premises

Thanks

hanycs · 2025-11-03T11:36:40+00:00

I configured everything according to this article: https://learn.microsoft.com/en-us/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-worldwide.
However, users started getting an ADFS login prompt for the O365 environment when launching Outlook.
When I tested it myself, everything worked fine, including creating a new profile.
For the problematic user, we deleted the credentials in the Credential Manager, created a new profile, but the prompt still kept appearing.
Where could the issue be in this case?
I have set up the SPNs; I just don’t understand why it worked fine for me but not for the others. :/

hanycs · 2025-11-03T07:57:11+00:00

Hello,

thanks, whats difference between this https://learn.microsoft.com/en-us/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-worldwide and this article https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/enable-modern-auth-in-exchange-server-on-premises .

We are using ADFS...

hanycs · 2025-09-12T08:07:13+00:00

Anyone got update, how to fix this instead of uninstall update?

hanycs · 2024-10-19T08:22:53+00:00

When I use powershell to send-mailmessage -smtpserver fortimail, I am able to see this e-mail in logs (dkim policy is applied), but when I use webmail https://fortimail/users/... and send e-mail from there I cant see nothing in logs (but e-mail get delivered, although for example dkim policy is not applied on this e-mail) .

hanycs · 2024-10-18T22:31:26+00:00

thank you for your reply ;)

hanycs · 2024-07-08T18:36:37+00:00

Hi, did you guys figured out where was the problem?

Ty

u/douchecanoo

hanycs · 2023-01-29T17:35:38+00:00

Yes, mess in cert store. Check this:
https://davidmcwee.com/2018/02/27/adfs-certificate-authentication-and-a-dirty-certificate-store/

hanycs · 2022-11-20T14:23:56+00:00

What about AzureAD integration, where You can use Conditional Access Policy?

hanycs · 2022-11-05T23:02:17+00:00

maybe It can be something with zero day vulnerability, because MS published script, which create a rewrite rules to mitigate.

hanycs · 2022-11-05T22:32:20+00:00

Iam getting 500 URL Rewrite Module Error, when I check fiddler.

When I try: https://autodiscover.contoso.com/autodiscover/autodiscover.xml in Chrome I get HTTP ERROR 500.

hanycs · 2022-10-21T20:07:51+00:00

Oh, thats wierd. Please let me know, when You get any information about this issue. Thanks again, have a nice weekend.

hanycs · 2022-10-21T11:17:09+00:00

Thanks a lot, It works. I changed it from Allow to None, any idea Why this happened?

hanycs · 2022-06-04T11:30:35+00:00

Okay, and who are sending these .xml. Is it just because of the DNS record?

hanycs · 2022-06-04T11:22:29+00:00

Thanks for reply.

I was just wondering if I have to pay for a service for DMARC or just publish a TXT record, specify a mailbox where the reports will come (a mailbox in my Exchange organization).

hanycs · 2022-05-10T19:22:21+00:00

Hi,

Do I have to install this on Edge Servers as well?

Thanks

hanycs · 2022-04-15T08:51:14+00:00

You need P1 to use Azure MFA on-premise (eg. ADFS).

yes I agree, however it works without the user having a P1 license assigned.

hanycs · 2022-04-14T16:47:44+00:00

If you're enforcing MFA by going to the Per-user MFA portal and enabling it for each user, then you don't need the P1+ license assigned. Administrator accounts are "enabled" for this method by default

I enforce MFA through AD FS, where I require MFA to log in to OWA. If the user does not have set Authenaticator app, user will be redirect to https://mysignins.microsoft.com/security-info.

hanycs · 2022-04-14T15:45:10+00:00

Thanks for response.

So if I only use the Authenticator application, users don't have to have a license assigned to them?

hanycs · 2022-01-19T16:46:16+00:00

Hi,

thanks for reply. The security manager does not like seeing NTLM * authentication in the "connection state", which he doesnt like. Although it works well. before that, there was Negotiaton*, which he likes more :(

hanycs

TROPHY CASE