Posts Tagged ‘2fa’

Trying to setup a Mimecast Sync Engine Application on Prem out the Box comes up with 

“validation failed: invalid mimecast user or insufficient permissions”

This is because by default 2fa is enabled on all Accounts created in Mimecast , you need create a new Authentication Profile and Disable 2fa on this , then assign it to that user group and bind it all together with a Profile


GD Star Rating
GD Star Rating



Here are the steps to remove unnecessary Authenticator app/OAuth hardware token so that we can register new Authenticator app for this account:


  1. Visit login with account
  2. Click on the account at upper right corner, then click on “Profile”:

  1. Click on “Additional security verification” or “Edit security info”, pass MFA with SMS message.

  1. Now we will be able to manage Authenticator app/OAuth hardware token for this account, remove unnecessary ones so that we can register a new Authenticator app. Depending on whether the tenant has enabled converged registration experience, it will look like this:


Or this:


n the end I had to follow this link:L


From this post:


It enabled me to re-very my mobile number and take me to this page where I could delete the Auth app device:



GD Star Rating
GD Star Rating


that determining the Current Master Multi-Factor Authentication Server. the user interface will close

Things to check 

  1. Make sure the server can access via IE

2. Make sure you have a valid Subscription in Azure

If you have been using a Trial this might of expired , you need to be at least on a pay as you go subscription. You need to manually change this

3. Make sure you have a Multi-Factor Auth Provider in your Azure Login

Login to

New Portal

Just follow the steps

  1. Jump into C:\Program Files\Multi-Factor Authentication Server\Data
  2. Unhide the all folders and files
  3. Rename the LicenseKey to Licensekey.old
  4. Re Open Program
  5. skip the wizard and configure components manually so I choose to check the box and choose next.


Go back to the Azure Portal and select manage multifactor provider:


Then under download settings you have the option to generate an activation code:


Enter the activation details in the MFA server tool and click activate:


After activation I choosed to use the default group, you can create your own groups if you want:



You can check the status via

GD Star Rating
GD Star Rating

When enabling Two Factor Authentication for a user in Azure for 365 when trying to activate Office for a user the following error display : 

Enable on Tenant

Make sure you login to Powershell for the tenant and Enable 2fa on the 365 Organisation : Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Enable on Outlook Client

You need to turn modern authentication on for the User via the Registry : 

Office 2013 ( ADAL not enabled by default ) 

HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL. REG_DWORD. 1

Office 2016 ( Should be enabled by default but can enable just in case via ) 

HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL. REG_DWORD. 1

Turn of WAM

[HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\DisableADALatopWAMOverride] – REG_DWORD “1”

Enable on Skype for Business 

Set-ExecutionPolicy remotesigned

Import-Module SkypeOnlineConnector

$sfbSession = New-CsOnlineSession

Import-PSSession $sfbSession


Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed

Enable on OneDrive

GD Star Rating
GD Star Rating

The Exchange Online Remote PowerShell Module needs to be installed on your computer:

  1. Open the Exchange admin center (EAC) for your Exchange Online organization. For instructions, see Exchange admin center in Exchange Online.

  2. In the EAC, go to Hybrid > Setup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.

    Download the Exchange Online PowerShell Module from the Hybrid tab in the EAC
  3. In the Application Install window that opens, click Install.

    Click Install in the Exchange Online PowerShell Module window


C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation\Microsoft Exchange Online Powershell Module.appref-ms


GD Star Rating
GD Star Rating

Upon enabling two-factor authentication, when trying to open Outlook  you get the following error

Invalid Request: The request Tokens do not match the user context.

This is due to your existing password conflicting.

If you close down outlook

Open up command prompt and enter :   control /name Microsoft.CredentialManager

Clear out MicrosoftOfficeXX_Data:ADL and  MicrosoftOfficeXX_Data:ordid password

Start Outlook again

GD Star Rating
GD Star Rating