Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


2978 posts

Uber Geek
+1 received by user: 453

Trusted
Subscriber

Topic # 239317 11-Jul-2018 21:41
One person supports this post
Send private message quote this post

So last night I casually turn on the Xbox to try and get a bit of gaming in before doing some work. "Sorry, sign in using a controller". Huh, OK, do that. "Sorry, something's wrong. You need to sign in on the web". That's new, so off to the laptop to sign in - "Your Microsoft account has been temporarily suspended. Please contact customer support and we'll ask you some questions and help you make sure your account is secure".

 

Contact Support. No option to phone, or email, just fill in a form. Fill in the form, "we'll contact you within 24 hours". Sorry, what? You've locked me out of paid services for an indeterminate amount of time and the only recourse is filling in a form and we'll get back to you? Chat support - "no, you have to wait for online safety to get back to you". Partner support - "that's odd, let me try fix that. Try resetting your password using this link, that'll fix it" - great, two factor comes in handy! - nope, the authenticator code works, but it requires another factor and all of those are "service temporarily unavailable". "Sorry, you'll have to wait for online safety".

 

24 hours later and, you guessed it! No contact back. Still locked out of tons of paid services, and everyone just says "sorry the automated system locked you out, but you have to wait for online safety to review and fix it".

 

If you can't meet your own stated timeframes for a response to automatically locking people's accounts that actually have your 2-factor that's supposed to prevent this, I would submit maybe you shouldn't be automatically locking people's accounts!

 

Meanwhile, anyone know anyone at Microsoft?


Create new topic
BDFL - Memuneh
60788 posts

Uber Geek
+1 received by user: 11668

Administrator
Trusted
Geekzone
Lifetime subscriber



2978 posts

Uber Geek
+1 received by user: 453

Trusted
Subscriber

  Reply # 2054632 11-Jul-2018 22:08
4 people support this post
Send private message quote this post

It is a ... thrilling experience I do say! I'm not sure why companies put so much trust in their automated processes to take such drastic actions to be honest.

 

With that said though, I thought two factor authentication was supposed to make this sort of thing a thing of the past? We accept a minor inconvenience to our authentication to be secure in the knowledge that no-one else can access our accounts?


4411 posts

Uber Geek
+1 received by user: 1924

Trusted
Subscriber

  Reply # 2054707 12-Jul-2018 07:44
Send private message quote this post

Kyanar:

 

It is a ... thrilling experience I do say! I'm not sure why companies put so much trust in their automated processes to take such drastic actions to be honest.

 

With that said though, I thought two factor authentication was supposed to make this sort of thing a thing of the past? We accept a minor inconvenience to our authentication to be secure in the knowledge that no-one else can access our accounts?

 

 

 

 

Indeed, you can easily see some less drastic compromises - for example, instead of locking you out of the account, perhaps merely lock new purchases or trades or in-game items. That way you can at least still play while the account problem is sorted out, and if your account *is* compromised, then the hacker can play your games, which affects nobody.





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.




2978 posts

Uber Geek
+1 received by user: 453

Trusted
Subscriber

  Reply # 2054738 12-Jul-2018 09:00
Send private message quote this post

SaltyNZ:

 

Indeed, you can easily see some less drastic compromises - for example, instead of locking you out of the account, perhaps merely lock new purchases or trades or in-game items. That way you can at least still play while the account problem is sorted out, and if your account *is* compromised, then the hacker can play your games, which affects nobody.

 

 

It's actually more drastic than that. I'm locked out of Partner Membership Centre and MAPS Licensing, Azure Admin Console, Office 365 Admin, and any third party websites where I use the Microsoft account to sign in.

 

Rest assured, one takeaway is I'll never trust Microsoft to be my authentication provider for third party services again.

 

Would you believe if you use a Microsoft account to sign into Windows, it even locks you out of your computer? And if you use Visual Studio or Office 365 licensed to that login, it literally expires your products?

 

With them tying this many paid (expensive even!) services to that login, "temporarily suspended" with no accountability is not an acceptable method of account security.


BDFL - Memuneh
60788 posts

Uber Geek
+1 received by user: 11668

Administrator
Trusted
Geekzone
Lifetime subscriber

1161 posts

Uber Geek
+1 received by user: 143

Trusted
Subscriber

  Reply # 2054768 12-Jul-2018 09:29
2 people support this post
Send private message quote this post

Kyanar:

 

Would you believe if you use a Microsoft account to sign into Windows, it even locks you out of your computer?

 

 

Hmm, time to re-think my setup. I've just moved to using my Microsoft account for authentication on all of my machines instead of a local account. Looks like that was a mistake and I shouldn't be trusting of Microsoft for basic stuff like this.

 

 


38 posts

Geek
+1 received by user: 16

Trusted

  Reply # 2054776 12-Jul-2018 09:44
2 people support this post
Send private message quote this post

Hi there, sorry youve had an issue with your Microsoft Account. As this is a consumer service you can log a support request at https://support.microsoft.com/en-nz/help/10494/microsoft-account-get-back-compromised-account 

We can try and help locally from MicrosoftNZ - please email the details of the case, including Microsoft Account email address, seperate backup mail address and contact number to nzcloud@microsoft.com and we will escalate to our consumer support team.

Thanks for the heads up Mauricio!







2978 posts

Uber Geek
+1 received by user: 453

Trusted
Subscriber

  Reply # 2054826 12-Jul-2018 10:19
Send private message quote this post

Thanks Paul, much appreciated. I would suggest for Microsoft it might be worth a review into whether this type of case should result in disabling access to Windows and other local software such as Visual Studio. I know that the Windows support team can unlink your Microsoft account remotely (or at least, I think that's what they were saying when I asked?) but calling support by phone is unlikely to be the first thing a consumer thinks of when Windows says "Sorry, something's wrong with your account. Sign in on the web" (which has its own set of issues if that's their only PC). 


4478 posts

Uber Geek
+1 received by user: 887

Moderator
Trusted
Lifetime subscriber

  Reply # 2054833 12-Jul-2018 10:28
2 people support this post
Send private message quote this post

Kyanar:

 

It's actually more drastic than that. I'm locked out of Partner Membership Centre and MAPS Licensing, Azure Admin Console, Office 365 Admin, and any third party websites where I use the Microsoft account to sign in.

 

 

I'm curious as to why you're using the same account for a personal service like Xbox as you are for corporate services like Azure and 365?


38 posts

Geek
+1 received by user: 16

Trusted

  Reply # 2054941 12-Jul-2018 12:17
2 people support this post
Send private message quote this post

gehenna:

 

Kyanar:

 

It's actually more drastic than that. I'm locked out of Partner Membership Centre and MAPS Licensing, Azure Admin Console, Office 365 Admin, and any third party websites where I use the Microsoft account to sign in.

 

 

I'm curious as to why you're using the same account for a personal service like Xbox as you are for corporate services like Azure and 365?

 

 

Agree, best practice would be a consumer account for "consumer stuff". I suspect the O365 one is a personal subscription to a retail version of O365 [Home/Personal]. Azure can and should be switched to OrgID/Azure AD, and MPN [Partner network, Microsoft Action Pack etc] etc should be a separate MSA account.

 

The account must have been compromised in some way.....For anyone reading this, if you dont have MFA turned on, do it now...the Internet can be a bad place!

 

 





38 posts

Geek
+1 received by user: 16

Trusted

  Reply # 2054946 12-Jul-2018 12:22
2 people support this post
Send private message quote this post

Kyanar:

 

Thanks Paul, much appreciated. I would suggest for Microsoft it might be worth a review into whether this type of case should result in disabling access to Windows and other local software such as Visual Studio. I know that the Windows support team can unlink your Microsoft account remotely (or at least, I think that's what they were saying when I asked?) but calling support by phone is unlikely to be the first thing a consumer thinks of when Windows says "Sorry, something's wrong with your account. Sign in on the web" (which has its own set of issues if that's their only PC). 

 

 

Quick update, we have escalated this internally. You should not be relying on a consumer login service as your only authentication to Windows, or O365, or VS - If you are a business, then you should use O365 Commerical services (you cannot use O365 Home/Personal for business use), which gives you an Azure AD account, and you can use this to join your device and access other services!

 

https://docs.microsoft.com/en-nz/azure/active-directory/device-management-azuread-joined-devices-frx 







2978 posts

Uber Geek
+1 received by user: 453

Trusted
Subscriber

  Reply # 2055179 12-Jul-2018 16:08
Send private message quote this post

paulb001:

 

Agree, best practice would be a consumer account for "consumer stuff". I suspect the O365 one is a personal subscription to a retail version of O365 [Home/Personal]. Azure can and should be switched to OrgID/Azure AD, and MPN [Partner network, Microsoft Action Pack etc] etc should be a separate MSA account.

 

The account must have been compromised in some way.....For anyone reading this, if you dont have MFA turned on, do it now...the Internet can be a bad place!

 

 

The account does have MFA - which is what confuses me. Anyways, it's mostly a case of an ancient legacy - I created the account so long ago back when I couldn't be bothered maintaining multiple accounts for things (since then I use password managers with complex passwords I couldn't remember if I tried, except for my online banking which is literally the weakest login I have).

 

The O365 and Azure admin stuff is actually attached to the AAD Tenant (good news) but annoyingly, MPN and MAPS refuse to allow attaching to an AAD account. Which is weird, because if you're signed into one when you go to PMC it actually says you're logged in but it can't find a partner association, it's just the onboarding that won't accept it for no good reason :(

 

Hopefully everyone is learning what you should and shouldn't do with an MSA though! We've long been prodded to use it as a way of logging into third party sites and even Windows itself, and it seems that may not actually be a good idea...


Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft Dynamics 365 Business Central launches
Posted 10-Jul-2018 10:40


Spark completes first milestone in voice platform upgrade
Posted 10-Jul-2018 09:36


Microsoft ices heated developers
Posted 6-Jul-2018 20:16


PB Technologies charged for its extended warranties and warned for bait advertising
Posted 3-Jul-2018 15:45


Almost 20,000 people claim credits from Spark
Posted 29-Jun-2018 10:40


Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.