Office 365 Services including SPO, OneDrive, Outlook, Outlook Mobile, Azure Keeps Asking to sign in for certain users

Question

Hello Team,

Office 365 Services including SPO, OneDrive, Outlook, Outlook Mobile, Azure Keeps Asking to sign in for certain users

Log from Sign-in activity (Azure)

Scenario:1
Failure reason: Session is invalid due to expiration or recent password change. ( Outlook Mobile)
Conditional Access: Not applied ( Allowed Country Login, suspicious IP, etc..)

Scenario:2

Failure reason: Invalid username or password or Invalid on-premise username or password. ( Microsoft office)

Date /
Authentication method detail /
Succeeded /
Result detail /

3/1/2020, 6:51:38 PM /
PHS /
false /
Invalid username or password or Invalid on-premise username or password. /
Primary Authentication /

Troubleshoot & Support Tab
Status/
Failure/
Sign-in error code/
50133/
Failure reason/
Session is invalid due to expiration or recent password change./
Additional Details/
MFA requirement satisfied by claim in the token/

Users haven’t changed the password. I have verified with users and checked the log

I have checked the Azure Adsync and remediate the users from some of the sign-in risk policies. Azure Adsync looks good. MFA has not enabled for some users.

Any help appreciated!

Thanks
Alan Jacob

Answer 1

Hi All

Sorry for the belated reply. The reason for the issue was one of our configurations in CAS, precisely the Geo-location.

Answer 2

Error 50133: if they're seeing this error, it is advised to close out all sessions and re-login.

Is it possible that there might be some duplicate users with more than one object ID occurring through the sync so that they're logging in with one using the password for another?