Share via

Azure AD logs

Microsoft Q & A 381 Reputation points
2021-08-25T15:57:42.81+00:00

Our Azure AD is showing failed logins from international sources. However, our domain is federated to ADFS with IP-based access restrictions. Our testing indicates this configuration is working as expected, but we cannot explain the international Azure AD failures in the sign-in log. These attempts appear to not be redirected to our ADFS. Can someone please review and help us determine why these aren’t federated? An example is attached. 126398-image001-5.png

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. VipulSparsh-MSFT 16,311 Reputation points Microsoft Employee
    2021-08-26T03:17:05.867+00:00

    @Microsoft Q & A Well if you try to sign in with that user, it detects that there are 2 identity providers for that account. The end user seems to have a personal Microsoft account with the same email address.

    If they try to use the personal account with corp credential, obviously it is not going to work and hence the sign in logs that you see.
    The end user need to remove the work email from their personal profile of Microsoft live accounts or to make sure that they choose the work accountwhich saya created by your IT department always while trying to sign in.

    126553-image.png

    If you want them to remove the work email from personal account, here are the steps they need to follow :

    1)Log into your personal Microsoft account by going to https://account.microsoft.com/profile/
    2)Click Manage how you sign in to Microsoft
    3)Click Add Email on the bottom left
    4)Select Create a new email address and add it as an alias. (We suggest using your same email@harsh.com .com to keep things simple) if possible.
    5)Next, select Add Alias (Microsoft refers to alternate emails or phone numbers as ‘aliases’. If you see that term, that is what it is referring to.)
    6)Click Make Primary. This will appear next to each alias listed on the account (except the current primary alias). The address you select will now be the one that appears in your avatar when you log into your account.
    7)Log out of the account then log back in using the new alias to make sure it works.
    8)Go back to Manage how you sign in to Microsoft and remove your work email from the list of aliases.

    -----------------------------------------------------------------------------------------------------------------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.