Blog Post

Microsoft Entra Blog
3 MIN READ

Cool enhancements to the Azure AD combined MFA and password reset registration experience

Alex_Simons's avatar
Alex_Simons
Icon for Microsoft rankMicrosoft
Feb 21, 2019
Howdy folks!   Today, I am excited to announce a set of fantastic enhancements—based on your feedback—to the public preview of our combined registration experience for Multi-Factor Authentication...
Updated Jul 24, 2020
Version 11.0
Product Announcements
Alex_Simons's avatar
Icon for Microsoft rankMicrosoft
Joined May 01, 2017
View Profile
Microsoft Entra Blog
Stay informed on how to secure access for employees, customers, and non-human identities, from anywhere, to multicloud and on-premises resources, with comprehensive identity and network access solutions powered by AI.
JonasBack's avatar
JonasBack
Iron Contributor
Apr 10, 2019

Sadie Henry Here's some small bugs I'll try to explain.

 

In this testing I just did, it was on Windows 10 1809 and Chrome (73.0.3683.103) 64-bit but see the same behavior on Edge. We are using Azure AD Connect with PHS and SSO and have everything properly setup on the clients since SSO in general works for all Office 365 workloads. These are also testusers which I use to go back and forth between MFA methods so this might complicate the scenarios. 

 

I agree these are all small bugs but all of them add up to the general experience of the new MFA setup which we are trying to sell to the customers and we really want to use the new experience since it's so much better and user friendly in general.

 

1. I often direct my users to aka.ms/setupsecurityinfo and sometimes you don't get SSO but instead reach a login page. But the next time they try, they get SSO. Sure, it works if they login but still, would be nice with consistent behavior.

 

2. We also see some strange behaviours in general adding/removing method during our testing.

 

For example, one of my test users did not have MFA setup according to PowerShell:

But still, aka.ms/setupsecurityinfo showed Phone and the mobile number. I then added Microsoft Authenticator app and it gets added to the list. The Phone is still there but I can't choose it as a default method:

Also PowerShell shows only two methods available:

I suspect this has something to do with confirming the phone number. But how do I confirm it? I had to press "Change" but leave the number as-is (since it was correct) and then Next to confirm it. After that I could choose it as the default method and it's also showing up in PowerShell.

 

3. Also, notice the small bug when I added the Microsoft Authenticator. It's listed twice initially... Reloading the page next time removed the invalid one without a name. I only have on Authenticator install on one phone.

 

4. I then deleted all methods:

But still, PowerShell showed methods:

Tried to login externally and I get an error message

Pressing the two choices for the app does nothing but I could send a text message.

 

5. We have also noticed when successfully scanning the QR code for adding, the spinning wheel just stays there forever. Forcing the Authenticator app checking for notifications says "No notifications found". This forces the user to abort and restart the process and this time it might work. Don't know if this is something temporary right now during my testing but it would be great with some kind of "timeout" here and if the wizard fails, instruct the user what to do.