
KB – SelfServicePasswordReset write-back problem – error hr=80230818

This is a knowledgebase item. Hope it helps you out someday. Now, since you landed on this page, I assume you’ve got the following issue: Azure AD Self-Service Password Reset worked like a charm for quite some time. All of a sudden it stopped working, and you have no idea why. You have checked the permissions on the service account, and all looks good. You are in a hybrid setup, and use password write-back. All checkmarks are green. Azure…

ADMX ingestion for Centero Agent and Carillon Client using Intune

This article is about the ADMX templates for Centero Agent and Carillon Client that you can use to configure the settings on your endpoints. Microsoft Endpoint Manager (Intune) is capable of ADMX ingestion, but this process can sometimes be complex. This article explains ADMX ingestion and has a couple of examples of how to handle various settings. ADMX ingestion: Before the client can use settings from the ADMX template, you need to ingest them with Microsoft Endpoint Manager/Intune…

Access reviews for Azure AD directory roles

This blog post is for all those organizations out there with stale, overprivileged accounts having standing access to Azure AD roles, that nobody knows about, far away from the HR systems and on/offboarding processes. This is often a huge problem and the elephant in the (security) room. Now, what can we do about it? I assume you are already aware of Azure AD Privileged Identity Management, and the great features that it brings. In short: with PIM you can reduce… 

Microsoft 365 self-service using Power Apps

This article was originally posted on the Microsoft 365 PnP Blog. I was inspired by this post from Loryan Strant, which used Microsoft Forms to add users to an Azure AD group so that they were upgraded to Windows 11. With that in mind, I created a mock-up and posted it on Twitter. Based on the reactions, I added this idea to my ToDo list. Fellow MVP Albert-Jan Schot also replied, and I asked him if he would like to…

Act on group membership changes in Azure Active Directory

Did you ever want to act on a change in group membership in Azure AD, for example, when a user is added to or removed from a specific group? I have found an easy way to do this with the use of Power Automate. You can use this for a lot of use-cases. What do we need? For this solution, we use the Office 365 Groups connector in Power Automate that holds the trigger: ‘When a group member is added… 

Onboard FIDO2 keys using Temporary Access Pass in Azure AD

One of the requirements to use FIDO2 security keys with your Microsoft 365 or Azure Active Directory account is multi-factor authentication. So if the user has not added an authentication method, they need to do that first, in order to add the FIDO2 security key to the account. That is sort of a chicken and egg situation. To work around that, we can use Azure Active Directory’s Temporary Access Pass (TAP) to onboard the user. Using this method, TAP will… 

Use Registration campaign to promote Microsoft Authenticator App

With all the new improvements to the Microsoft Authenticator App, this seems a good time to highlight a new capability in Azure AD: Registration Campaign, also known as the nudge feature. Also, organizations should move away from phone transports for authentication. If your users use text (SMS) for second-factor authentication, they get very little context, and the prompt might therefore be confusing. On top of that, attackers use SIM jacking techniques to bypass those phone methods. By far the most secure way…

The day I bought my WinRAR license

This post is about WinRAR. We all know WinRAR for its never-expiring trial period and the annoying pop-up that we have massively ignored for decades now. At least, in the personal space. I think there are not that many people that bought a WinRAR license for their personal computer, out of principles, guilt, or even accidentally. Including me. I have never owned a WinRAR license myself. But that has changed. I actually bought my very own license last month…

Enable Location Information and Code Match for Azure MFA

Update 26-11-2021: As this feature is now in public preview, you can also manage those settings via the Azure portal now. You can find the new settings under Azure Active Directory -> Security -> Authentication methods -> Authenticator App. By default, both settings are managed by Microsoft. You can either enable or disable the feature. Learn more from the Microsoft docs: Use number matching in multifactor authentication (MFA) notifications (Preview) – Azure Active Directory | Microsoft Docs; Use additional context in…

Create Role Assignable Groups based on existing groups

Today’s post is about Role Assignable Groups. Are you new to this? Please check out this post first. If you are already familiar with Role Assignable Groups, you might know that these types of groups have an immutable property “isAssignableToRole” that cannot be changed. Therefore, you cannot convert existing groups into Role Assignable Groups, and vice versa. Role Assignable Groups do not support group nesting, nor can the group be dynamic. So you have two options: Start from…