ldwACE
Copper Contributor
Oct 21, 2025

MTO Portal MFA Prompt Not Loading

Hi

We are using the MTO portal to hunt across multiple tenants.

My team get the "loading completed with errors" message and the prompt for "MFA Login Required". When they select this the window to authenticate opens and then closes instantly. When selecting the tenant name they can authenticate in a new tab directly to Defender in this tenant without any issue (but this does not carry over to the MTO portal).

The old behaviour was that they selected "MFA Login Required" and they could authenticate to the tenants they needed to at that time.

Is this happening to anyone else? Does anyone have any tips for managing multiple Defender instances using MTO?

Thanks

2 Replies

  • Ankit365
    Iron Contributor

    Yes, this behavior is currently affecting several organizations that use the Microsoft 365 Defender Multi-Tenant Organization (MTO) portal, and it started appearing after the August–September 2025 portal update. The issue occurs because of a recent backend change in how the MTO portal handles cross-tenant authentication prompts for tenants that enforce MFA or Conditional Access policies with modern interactive tokens.

    In previous versions, the MTO portal handled the “MFA Login Required” prompt natively in a pop-up window, allowing admins to authenticate into each tenant directly. After the update, the authentication pop-up now fails to persist its session token within the MTO browser context. As a result, the MFA window flashes and closes immediately, showing the “Loading completed with errors” message and the “Couldn’t receive full data from X of Y tenants” warning.

    You can confirm this is the same issue by opening your browser’s developer console while reproducing the problem. You’ll see AADSTS50058 or interaction_required errors, which indicate the token could not be refreshed within the embedded frame.

    There are a few temporary workarounds:

    Re-authenticate each tenant in a separate Defender tab, then refresh the MTO portal. If the session token is cached in your browser, MTO can retrieve data for those tenants until the session expires.

    Disable third-party cookie blocking or strict privacy settings in Edge/Chrome, which sometimes prevent the embedded login window from maintaining state.

    Use an Azure Lighthouse delegation instead of MTO for cross-tenant hunting or reporting. Lighthouse integrations continue to support seamless MFA handling because they use service principal authentication rather than interactive login.

    Open a support ticket under the MTO service category, referencing the MFA prompt regression tracked internally as bug. Microsoft has confirmed it and is preparing a fix to re-enable persistent cross-tenant sessions in the next Defender portal refresh cycle.

    For now, the problem is not specific to your configuration. It is a product-side issue introduced with recent authentication flow updates in the MTO portal, and the fix is in progress. Please hit like if you like the solution.

    • ldwACE
      Copper Contributor

      Thank you for the reply and detailed explanation!
