| ▲ | debarshri 3 hours ago |
| Recently tried using Entra ID. There are 12 ways to enforce MFA, 20 ways to disable users, 4 ways to authenticate users. Add conditional access stuff with 50 variables and templates etc. You can customize the way you want. After configuring it, my colleagues could not log in. That's one way to secure your organization. |
|
| ▲ | mastax 3 hours ago | parent | next [-] |
| Out of all the SSO login flows Microsoft has to have the buggiest. It’s the only one I can remember routinely having issues with. Why are there so many redirects? And why doesn’t the “remember me” checkbox ever work? |
| |
| ▲ | CDSlice 3 hours ago | parent | next [-] | | It is also the only SSO flow I have ever seen that fundamentally cannot work if you have more than one account remembered on your device. So far the only way I’ve found to get it to let you log out of account A and then log into account B is to clear all cookies, otherwise it gives you permission denied errors. Have no idea how it can be this horrible. | | |
| ▲ | rgblambda an hour ago | parent | next [-] | | Would container tabs solve that? They're pitched as helping separate work and personal logins. | | |
| ▲ | SoftTalker an hour ago | parent [-] | | I just run completely separate browser profiles to separate work and personal stuff. And I still sometimes need private mode or a throwaway profile to get some random thing to work. |
| |
| ▲ | throwway120385 2 hours ago | parent | prev [-] | | Yeah I have had this experience too. Woe betide ye if your company gets bought by another company with pre-existing Azure AD. |
| |
| ▲ | genthree 2 hours ago | parent | prev | next [-] | | I haven't seen it in a while (perhaps mostly because I'm in Google stuff way less than I used to be) but for years multiple Google sites would get in a state where its auth would route me through about twenty redirects in a loop and never actually finish authenticating me. Clearing cookies and re-logging-in from scratch was the only fix. YouTube was always involved, somehow, for some reason, even when what I was doing wasn't connected to YouTube at all or the account I was using had never even been intentionally used with YouTube. It'd route me through a few YouTube domain names. (Microsoft's is indeed even worse, on some of theirs [Azure DevOps, looking at you] I can't use them in pinned tabs because somehow they manage to get into a totally broken state where the page won't load due to whatever's happening with their auth flow in the background, and no method of reloading the tab fixes it, and it does this every couple days—but copy-pasting the same URL to a new tab does work) | |
| ▲ | bombcar 3 hours ago | parent | prev [-] | | I've always assumed the billions of redirects are setting cookies so all the various systems "work" but I have given up trying to understand it. |
|
| ▲ | yoyohello13 3 hours ago | parent | prev | next [-] |
| That’s Microsoft. 1000s of features and none of them really work the way they are supposed to. |
| |
| ▲ | ploxiln an hour ago | parent | next [-] | | it's "Enterprise" grade software! need to check the boxes for the procurement process (actually working is a separate department) | |
|
| ▲ | joezydeco 3 hours ago | parent | prev | next [-] |
| There are extra ways to do that, but they're on a document deep in a Sharepoint directory that you can't access. |
| |
|
| ▲ | DeathArrow 8 minutes ago | parent | prev | next [-] |
| I ripped Entra ID from one of our projects and replaced it with Keycloak. |
|
| ▲ | jjtheblunt 3 hours ago | parent | prev | next [-] |
| Same experience for us, and then they email the living shit out of you about how your weekly Entra ID stats are good or bad, and you cannot opt out of these emails. |
| |
| ▲ | lostlogin 3 hours ago | parent [-] | | > they email the living shit out of you
| This sounds like LinkedIn. | | |
| ▲ | debarshri 3 hours ago | parent [-] | | Wait a minute. It is owned by Microsoft. | | |
| ▲ | lostlogin 2 hours ago | parent [-] | | It’s a relentless horror. I signed my wife up to track down a driver that crashed into her. I think LinkedIn spam is worse than being in a crash. |
|
| ▲ | Pxtl 3 hours ago | parent | prev | next [-] |
| The problem is modern MS doing three contradictory things at the same time: |
| - FB's move fast and break things. Constantly launching new libs. |
| - Linus's we do not break user space. Great commitment to backwards compatibility. |
| - Never deprecating dead products until they've been de facto abandoned for like decades. |
| This combination means every MS product is a labyrinth of overlapping APIs with no guidance as to which one is actually the good one. Some are abandoned garbage, some are brand new and incomplete, and some are both, and there's no way of knowing which are which; even experts can mislead you. |
| |
| ▲ | 0cf8612b2e1e an hour ago | parent | next [-] | | Well said. It feels like Microsoft is willing to release the intern’s poorly thought out product, and then commits to support the garbage design for all time. Microsoft, you are a behemoth. There are few domains where you actually compete. Give your products a minute to breathe before you cast them in stone. | |
|
| ▲ | hedora 3 hours ago | parent | prev [-] |
| Same here, except with Minecraft and XBox One. I don’t understand how they have non-zero market share. |
| |
| ▲ | ryandrake 3 hours ago | parent | next [-] | | I remember trying to buy $9 worth of Minecraft In-app Whatever for my kid, and the goose chase Microsoft put me on just to log in and buy something was totally out of this world. I ended up needing to contact their fraud department around step 74. | | |
| ▲ | doubled112 3 hours ago | parent [-] | | I'm still annoyed that I can't share those Minecraft purchases with a family. |
| |
| ▲ | alexpotato 3 hours ago | parent | prev [-] | | For Minecraft they inherited a gigantic userbase from Mojang and then made it 10x harder to add new users. | | |
| ▲ | genthree 2 hours ago | parent [-] | | I did it for my kids to have accounts and I do not understand how anyone who hasn't built a Gentoo from Stage 1 has a prayer of managing to buy Minecraft Java Edition for their kid, and making it actually work. Then you've got the hell of overlapping permissions systems on the console and the Microsoft account, to get any amount of online play working on a console if you also get Bedrock. On the Playstation, especially, the error messages also love to not tell you which of the two systems is blocking you, so you get to guess. And Microsoft's site for managing those permissions is so confusingly-laid-out that even after doing it three times in a row I still felt lost on it. I never did solve the problem of getting Minecraft Java Edition to run on a kid's MacBook with allowlist-only Web access. It wants to contact ten or so apparently-randomly-selected-from-an-enormous-pool IP addresses on every launch. I never did find documentation of which IP blocks I needed to allow, and couldn't guess at it from the IPs themselves. If they'd just used domain names... I must have manually hit "allow" a bunch of times during twenty separate launches, and it was still presenting me the same number of prompts every time, because there was no overlap in the IPs contacted (adding insult to injury is that I'm sure all but at-most two of these were spyware horse-shit that had no actual generously-necessary role in running the software, but it'd fail if it couldn't reach them) |
|
|