Issues with Microsoft Authenticator not popping up Approval message

Robert Woods
Super Contributor

We have recently implemented MFA with a conditional access policy. We turned off the ability to receive texts/calls and are forcing the Authenticator app. This is causing issues when users need to re-set up the account in the Authenticator app. I have had multiple scenarios this week where the Microsoft Authenticator app has stopped displaying the approve/deny message. The end users try to fix the issue themselves and will remove their accounts from the app and try to re-enroll by going to myapps.microsoft.com and restarting the setup process. The problem lies in that even though they are visiting the portal from devices that are excluded from MFA via conditional access (Compliant/Hybrid AD Joined), the myapps.microsoft.com portal is still enforcing MFA to log in. Since they have removed their account from the application, they cannot authenticate to the portal. There is no alternate method since Phone/Text are disabled.

In order to get the end user back into the portal I have to go to the regular MFA Setup page, enable phone calls or texts, enable and enforce MFA on the end user, and they can finally get in to re-set up the account.

All of this could be fixed with a one-time bypass for cloud!

3 Replies

Definitely would like to see the one-time bypass feature in Azure MFA. As for the Authenticator, I've also seen it fail to bring up the approval, but usually when I manually open the app, it appears.

Hi Robert,

The problems should be divided into different parts:

  • Microsoft Authenticator app has stopped displaying the approve/deny message
    • Check if your devices get notifications when the app is open or closed
    • Check if the verification codes in the app are working when notifications don't
    • Check if notification through a mobile app is enabled or disabled
    • If you tried all of these steps and are still having issues, you must check the mobile log files for diagnostics.
    • Does the app notification issue appear on iOS and Android?
  • Portal is still enforcing MFA
    • Check the reasons in the Azure AD sign-in logs, and check which conditional access policy still required MFA and why
    • Do you have any policies for registered devices? If yes, they may affect your user behavior

It's better to use more than one authentication method; you can use the additional one with the phone call, and it allows you to re-enroll.

Eli.
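
Added example, not part of Eli's reply or the original thread: one way to carry out the sign-in log check suggested above, by listing which conditional access policies enforced an MFA grant control on sign-ins to a given app. The field names follow the Microsoft Graph `signIn` resource; the sample records, policy names, the app name "My Apps" and the helpers `mfa_policies` and `explain` are assumptions constructed for illustration.

```python
import json

# Constructed sample of exported sign-in records (not real tenant data).
SAMPLE_EXPORT = json.dumps([
    {"id": "s-001", "userPrincipalName": "user1@example.com",
     "appDisplayName": "My Apps",
     "deviceDetail": {"isCompliant": True, "trustType": "Hybrid Azure AD joined"},
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require MFA - all users", "result": "notApplied",
          "enforcedGrantControls": []},
         {"displayName": "Require MFA - security info", "result": "failure",
          "enforcedGrantControls": ["Mfa"]}]},
    {"id": "s-002", "userPrincipalName": "user2@example.com",
     "appDisplayName": "My Apps",
     "deviceDetail": {},
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require MFA - all users", "result": "failure",
          "enforcedGrantControls": ["Mfa"]}]},
    {"id": "s-003", "userPrincipalName": "user3@example.com",
     "appDisplayName": "My Apps",
     "deviceDetail": {"isCompliant": True, "trustType": "Hybrid Azure AD joined"},
     "appliedConditionalAccessPolicies": []},
])

APPLIED = {"success", "failure"}  # results meaning the policy matched this sign-in

def mfa_policies(sign_in):
    """Names of conditional access policies that enforced an MFA grant control."""
    names = []
    for policy in sign_in.get("appliedConditionalAccessPolicies") or []:
        controls = {c.lower() for c in policy.get("enforcedGrantControls") or []}
        if policy.get("result") in APPLIED and "mfa" in controls:
            names.append(policy.get("displayName", "<unnamed>"))
    return names

def explain(export_text, app_name):
    """One row per sign-in to app_name: user, recorded device state, MFA policies."""
    rows = []
    for s in json.loads(export_text):
        if s.get("appDisplayName") != app_name:
            continue
        device = s.get("deviceDetail") or {}
        rows.append({"user": s.get("userPrincipalName"),
                     "compliant": device.get("isCompliant"),  # None: no device state recorded
                     "trust": device.get("trustType"),
                     "mfa_policies": mfa_policies(s)})
    return rows

if __name__ == "__main__":
    for row in explain(SAMPLE_EXPORT, "My Apps"):
        print(row)
```

A row with an empty `mfa_policies` list means none of the listed conditional access policies asked for MFA on that sign-in, so the requirement has to be traced outside those policies.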

@Eli Shlomo

Hi Eli

I have an issue with MFA. My customers are set up to use Microsoft Authentication Mobile App, and all of them have chosen to authenticate through the OATH token. They have been connecting successfully, but this week most of them are receiving this error: "Unable to reach the server, please verify internet connectivity". The MFA server is up and running! But the amazing thing is they can reach other web pages like Google or Yahoo. What might be the issue?
