Applies ToMicrosoft 365 admin

Last updated: February 2022

This article lists the known issues for Microsoft 365 Lighthouse by feature area. For more information about Lighthouse, visit the Microsoft 365 Lighthouse help library.

Users

Issue                               Description

Solution

Helpdesk Agent is unable to reset a user password

Managed Service Provider (MSP) technicians who are members of the Helpdesk Agent group are unable to reset passwords for users in customer tenants. When they try to reset the password for a user, they get the following error message: “You don’t have permission to do this. Learn more

To work around the permissions issue, Helpdesk Agents should reset passwords by using the Microsoft 365 admin center or Azure Active Directory.

Devices

Issue                               Description

Solution

Deleted policy appears

After a device compliance policy has been deleted from Intune, it will temporarily continue to be visible in Lighthouse. If MSP technicians attempt to do a policy comparison that includes a policy that’s been deleted, the technicians get the following error: “Something went wrong. Please refresh the page and try again.”

To resolve the error, clear the deleted policy from the policy comparison and compare only existing policies.

Threat management

Issue                                 Description

Solution

Threat name is missing

When MSP technicians view the list of threats from the Threat Management page, some threats may be missing the name of the threat. This will occur when the device that the threat was detected on was recently removed from Intune.

The issue will resolve within 48 hours. No additional steps are required.

Baselines

Issue

Description

Solution

Conflicting settings when comparing block legacy authentication and MFA deployment steps

If a customer tenant has deployed block legacy authentication and one of the MFA deployment steps, a comparison test will erroneously describe these settings as conflicting.

No workaround is required. The settings do not actually conflict and users in the customer tenant are not impacted.

Windows 365

Issue                                 Description

Solution

Retry provisioning error

MSP technicians get a "You don't have permissions to do this” error message when attempting to retry provisioning of a Cloud PC.

To work around this issue, log in to the customer tenant and then reprovision Cloud PCs from the Microsoft Endpoint Manger admin center. For instructions, see Reprovision a Cloud PC.

Audit logs

Issue                                 Description

Solution

Deactivate and Reactivate actions are not listed in audit logs

The following activities are currently not reported on the Audit logs page in Lighthouse:

  • Name: offboardTenant | Action: Inactivate a customer

  • Name: resetTenantOnboardingStatus | Action: Reactive customer

There’s no workaround, but we’re working on a fix. These activities will appear in audit logs once the fix is deployed in the service.

Filter is not showing all users

When MSP technicians try to filter by using Initiated By, the list of all User Principal Names (UPNs) – corresponding to email IDs of the technicians who initiated actions generating audit logs – isn’t fully displayed under the filter.

Note that the audit logs themselves will be fully displayed; only the ability to filter them by using Initiated By is impacted.

There’s no workaround, but we're working on a fix. The filter will revert to its expected behavior – displaying the full list of UPNs to filter by – once the fix is deployed in the service.

Delegated Admin Permissions (DAP)

Issue

Description

Solution

Permissions delay when changing DAP roles

If an MSP technician is added to or removed from the Admin Agent or Helpdesk Agent group, there may be a delay in reflecting the appropriate permissions within Lighthouse.

The issue will resolve within 30 minutes. No additional steps are required.

Granular Delegated Admin Permissions (GDAP)

Note: GDAP is currently in Technical Preview (Public Preview) to allow partners to assign granular permissions before GDAP is generally available.

Issue                                 Description

Solution

Various GDAP permission issues across Lighthouse

  • GDAP Security Administrators are unable to view risky users, dismiss risks, or confirm compromised users.

  • GDAP Security Readers are unable to view risky users.

Before GDAP General Availability, the workaround is to assign the user an Admin Agent DAP role. For instructions on how to assign the Admin Agent DAP role, see Assign roles and permissions to users. For a list of actions in Lighthouse that require certain Azure Active Directory roles in the partner tenant, see Configure Microsoft 365 Lighthouse portal security.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.