SOLVED
Home

MFA sending multiple text messages

%3CLINGO-SUB%20id%3D%22lingo-sub-203291%22%20slang%3D%22en-US%22%3EMFA%20sending%20multiple%20text%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203291%22%20slang%3D%22en-US%22%3E%3CP%3EWe're%20looking%20at%20enabling%20MFA%20across%20our%20organisation%2C%20but%20in%20pilot%20group%20testing%20we%20have%20received%20feedback%20from%20our%20users%20that%20when%20at%20home%20(or%20other%20untrusted%2Funknown%20network)%2C%20if%20the%20user%20starts%20their%20laptop%20and%20three%20applications%20try%20launch%20at%20the%20same%20time%2C%20eg.%20OneDrive%20Sync%2C%20Skype%20for%20Business%20and%20Outlook%2C%20the%20user%20receives%203%20seperate%20SMS%2Ftext%20messages%20from%20Microsoft%20for%20MFA%20but%20appears%20to%20cause%20confusion%20as%20to%20which%20MFA%20code%20relates%20to%20which%20application.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'd%20be%20interested%20to%20hear%20your%20thoughts%20or%20opinions%20on%20this%20and%20how%20you'd%20approach%20fixing%20this%20for%20users%20who%20would%20encounter%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-203291%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-354696%22%20slang%3D%22en-US%22%3ERe%3A%20MFA%20sending%20multiple%20text%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-354696%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20piloting%20MFA%20and%20having%20the%20exact%20same%20experience.%20Random%20SMS%20texts%20telling%20me%20to%20authenticate%20on%20my%20phone%2C%20or%20multiple%20SMS%20alerts%20when%20firing%20up%20my%20laptop.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ein%20ADFS%202019%2C%20there%20is%20this%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSTRONG%3EBug%20fix%3A%20Persistent%20SSO%20state%20for%20Win10%20devices%20when%20doing%20PRT%20auth%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EThis%20addresses%20an%20issue%20where%20MFA%20state%20was%20not%20persisted%20when%20using%20PRT%20authentication%20for%20Windows%2010%20devices.%20The%20result%20of%20the%20issue%20was%20that%20end%20users%20would%20get%20prompted%20for%202nd%20factor%20credential%20(MFA)%20frequently.%20The%20fix%20also%20makes%20the%20experience%20consistent%20when%20device%20auth%20is%20successfully%20performed%20via%20client%20TLS%20and%20via%20PRT%20mechanism.%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Enot%20sure%20if%20the%20above%20fixes%20it%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebut%20i%20can't%20recommend%20rolling%20it%20out%20like%20this.%20I%20will%20have%20to%20look%20at%20alternative%20vendors.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-346043%22%20slang%3D%22en-US%22%3ERe%3A%20MFA%20sending%20multiple%20text%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-346043%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20seems%20that%20this%20hasn't%20been%20fixed.%20Today%20I%20got%2012%20codes%20for%20verification%20most%20of%20them%20(8-9)%20out%20of%20the%20blue.%20I'm%20only%20using%20Outlook%202016%20and%20logged%20online%20once%20or%20twice.%3C%2FP%3E%3CP%3EG%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268682%22%20slang%3D%22en-US%22%3ERe%3A%20MFA%20sending%20multiple%20text%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268682%22%20slang%3D%22en-US%22%3Ewe%20ended%20up%20advising%20people%20to%20use%20the%20authenticator%20app%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-268583%22%20slang%3D%22en-US%22%3ERe%3A%20MFA%20sending%20multiple%20text%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268583%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Baronne%2C%3C%2FP%3E%3CP%3EI%20facing%20a%20similar%20issue%2C%20have%20you%20found%20any%20solutions%20please%3F%3C%2FP%3E%3CP%3EIn%20my%20case%20though%2C%20when%20my%20users%20log%20into%20O365%20they%20receive%203%20messages.%3C%2FP%3E%3CP%3EAll%203%20codes%20contained%20in%20each%20message%20fail%20when%20they%20attempt%20to%20authenticate.%3C%2FP%3E%3CP%3EIt%20quite%20frustrating.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203848%22%20slang%3D%22en-US%22%3ERe%3A%20MFA%20sending%20multiple%20text%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203848%22%20slang%3D%22en-US%22%3Ethanks%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203847%22%20slang%3D%22en-US%22%3ERe%3A%20MFA%20sending%20multiple%20text%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203847%22%20slang%3D%22en-US%22%3Ethanks%20I%20already%20do%20and%20have%20recommended%20to%20do%20so%20but%20have%20found%20there%20are%20going%20to%20be%20pockets%20of%20people%20who%20don't%20want%20to%20install%20the%20app%20or%20in%20fact%20don't%20have%20a%20smart%20phone%20so%20can%20only%20receive%20text%2FSMS...%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203493%22%20slang%3D%22en-US%22%3ERe%3A%20MFA%20sending%20multiple%20text%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203493%22%20slang%3D%22en-US%22%3E%3CP%3EI%20believe%20that%20you%20can%20also%20force%20the%20end%20users%20to%20reset%20their%20MFA%20contact%20info%20so%20it%20defaults%20to%20the%20app.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMaybe%20this%20article%20will%20help%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-userdevicesettings%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-userdevicesettings%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203406%22%20slang%3D%22en-US%22%3ERe%3A%20MFA%20sending%20multiple%20text%20messages%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203406%22%20slang%3D%22en-US%22%3E%3CP%3EI'd%20strongly%20recommend%20using%20the%20authenticator%20app%20instead%20with%20the%20notification%20method%20configured%2C%20it's%20the%20only%20method%20that%20can%20give%20you%20context%20as%20to%20what%20the%20MFA%20request%20you're%20seeing%26nbsp%3Bis%20for.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Deleted
Not applicable

We're looking at enabling MFA across our organisation, but in pilot group testing we have received feedback from our users that when at home (or other untrusted/unknown network), if the user starts their laptop and three applications try launch at the same time, eg. OneDrive Sync, Skype for Business and Outlook, the user receives 3 seperate SMS/text messages from Microsoft for MFA but appears to cause confusion as to which MFA code relates to which application.

 

I'd be interested to hear your thoughts or opinions on this and how you'd approach fixing this for users who would encounter this?

8 Replies

I'd strongly recommend using the authenticator app instead with the notification method configured, it's the only method that can give you context as to what the MFA request you're seeing is for.

I believe that you can also force the end users to reset their MFA contact info so it defaults to the app.

 

Maybe this article will help - https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings

 

 

thanks I already do and have recommended to do so but have found there are going to be pockets of people who don't want to install the app or in fact don't have a smart phone so can only receive text/SMS...
Solution
thanks

Hi Baronne,

I facing a similar issue, have you found any solutions please?

In my case though, when my users log into O365 they receive 3 messages.

All 3 codes contained in each message fail when they attempt to authenticate.

It quite frustrating.

Highlighted
we ended up advising people to use the authenticator app

It seems that this hasn't been fixed. Today I got 12 codes for verification most of them (8-9) out of the blue. I'm only using Outlook 2016 and logged online once or twice.

G

I am piloting MFA and having the exact same experience. Random SMS texts telling me to authenticate on my phone, or multiple SMS alerts when firing up my laptop.

 

in ADFS 2019, there is this

 

  • Bug fix: Persistent SSO state for Win10 devices when doing PRT auth This addresses an issue where MFA state was not persisted when using PRT authentication for Windows 10 devices. The result of the issue was that end users would get prompted for 2nd factor credential (MFA) frequently. The fix also makes the experience consistent when device auth is successfully performed via client TLS and via PRT mechanism.

 

not sure if the above fixes it

 

but i can't recommend rolling it out like this. I will have to look at alternative vendors. 

 

 

 

 

Related Conversations