Forum Discussion

ldwACE's avatar
ldwACE
Copper Contributor
Oct 21, 2025

MTO Portal MFA Prompt Not Loading

Hi We are using the mto portal to hunt across multiple tenants. My team get the "loading completed with errors" message and the prompt for "MFA Login Required". When they select this the window to ...
incident management
investigation
microsoft sentinel
onboarding
siem
Ankit365's avatar
Ankit365
Iron Contributor
Oct 22, 2025

Yes, this behavior is currently affecting several organizations that use the Microsoft 365 Defender Multi-Tenant Organization (MTO) portal, and it started appearing after the August–September 2025 portal update. The issue occurs because of a recent backend change in how the MTO portal handles cross-tenant authentication prompts for tenants that enforce MFA or Conditional Access policies with modern interactive tokens.

In previous versions, the MTO portal handled the “MFA Login Required” prompt natively in a pop-up window, allowing admins to authenticate into each tenant directly. After the update, the authentication pop-up now fails to persist its session token within the MTO browser context. As a result, the MFA window flashes and closes immediately, showing the “Loading completed with errors” message and the “Couldn’t receive full data from X of Y tenants” warning.

You can confirm this is the same issue by opening your browser’s developer console while reproducing the problem . you’ll see AADSTS50058 or interaction_required errors, which indicate the token could not be refreshed within the embedded frame.

There are a few temporary workarounds:

Re-authenticate each tenant in a separate Defender tab, then refresh the MTO portal. If the session token is cached in your browser, MTO can retrieve data for those tenants until the session expires.

Disable third-party cookie blocking or strict privacy settings in Edge/Chrome, which sometimes prevent the embedded login window from maintaining state.

Use an Azure Lighthouse delegation instead of MTO for cross-tenant hunting or reporting. Lighthouse integrations continue to support seamless MFA handling because they use service principal authentication rather than interactive login.

Open a support ticket under the MTO service category, referencing the MFA prompt regression tracked internally as bug. Microsoft has confirmed it and is preparing a fix to re-enable persistent cross-tenant sessions in the next Defender portal refresh cycle.

For now, the problem is not specific to your configuration. It is a product-side issue introduced with recent authentication flow updates in the MTO portal, and the fix is in progress. Please hit like if you like the solution.

  • ldwACE's avatar
    ldwACE
    Copper Contributor
    Oct 22, 2025

    Thank you for the reply and detailed explanation!

Resources