Login problems, continuously getting the same message

Copper Contributor

Every time i login on an app i get the same message: "More information required" "Your organization needs more information to keep you account secure".

 

Then i have the options to Use a different account or Learn more. I can just press Next and the message goes away.

 

1.jpg

 

After that i get another message: "Keep your account secure" "Your organization requires you to set up the following methods of proving who you are."

Below that, there is a message: "Success!" "Great job! You have successfully set up your security info. Choose "Done" to continu signing in". "Default sign-in method:"

 

2.jpg

 

When i press done, the message goes away. But i keep getting the 2 messages every time i change an app or even a menu option. So to be clear, this happens every time i switch apps. I.e. from Exchange to Azure, to Outlook. When i press "Next" and "Done" i get access to the app. But this is really annoying.

 

What am i doing wrong? I'm the admin of a small company, and i cannot figure out what setting i changed or need to change. The property "Enable Security Defaults" is already set to no.

12 Replies

@MHuberts 

 

I have the EXACT same issue with a customer of mine.  This is occurring for 2 users in a new tenant I setup but NOT to my admin account.  I have been holding off enabling MFA for the other users until this issue is resolved.  Were you able to get it fixed in 2021?  :)

 

Thanks!

@BClinton13 No, unfortunately not. I'm still getting this message every time I sign in.

@MHuberts Roger that.  I am actively trying to solve this so if I find the answer I will post here.  Thanks for letting me know.

@MHuberts, I have been working with my CSP and they had me turn off Self-Service Password Reset (Set to NONE). Oddly enough, this resolved the issue for one of my two users (after waiting 30 minutes). I am waiting to hear back from the other before I confirm 100% success. After they both report in that all is well, I am going to attempt to re-enable it and see if it re-breaks or stays fixed. Will update when I know.

Here are the instructions on enabling/disabling SSPR: https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/let-users-reset-passwords?view=o365-w...
@BClinton13, it looks like this is working. Thanks! This is going to save me a lot of frustration.
Ahhh this resolved my issue too! Thanks for posting that. It was infuriating going around in little circles! It was also resolved the sign-in through PowerShell for me.

@Timon1585 

@MHuberts
I apologize for never posting back here.  I thought I would have an endgame solution for this but here we are almost 2 years later and it is still an issue.   Disabling SSPR while maintaining MFA still does resolve the issue but it means your users can't reset their own passwords.   I have determined it only affects users that have multiple identities (you can see this in Entra/formerly AAD).   All the tenant only users work perfectly no matter the configuration.  The ones who have Multiple identities ALL have the issue.  This is some backend thing with Microsoft.  I have had a ticket open since October of 2021 with MS and they would pretend about every 3 months they were going to implement a fix, then they would give me a reason they didn't do it.  Now I laugh whenever I get an update.  Microsoft 1 / Me 0 (the score is actually much worse than this but I will leave it at that for now).

 

Anyway, if any of you figure out how to remove extra identities or fix this in some other way, I look forward to hearing about it.  My hope right now is that when they do the policy merge between MFA and SSPR (supposedly Sept 30, 2024) that it will fix it then.  My nightmare is that it completely breaks our workaround though.

 

Hope you are all having your best weeks!

 

Thanks!

@MHuberts 

 

Any luck retrieving more insight from AAD signon logs?

I solved problem by "enable SSPR" for admin account which we turned off previously because of organizational policy. If user scoped in SSPR however admin SSPR policy disabled it will have problem as you described above. You can check if it disabled or not via MS Graph https://graph.microsoft.com/v1.0/policies/authorizationPolicy
"allowedToUseSSPR": false,
make it "true" then admins will be able to complete registration

@MekanM mine aren't admins.  My users with issues are any that were created in the "viral" tenant before I took ownership of it.  Their identities are now all considered "multiple" instead of tenant only.

 

Thanks for the thought though!

Anybody solve this? We use CA and MFA and Intune. Some users started getting this. We are a hybrid setup. Don't use SSPR and tried everything. I still see people posting about this 3yrs on now with this ridiculous product with terrible documentation and no clue except trial/error with long CA policy changes to determine if something works or not to resolve this. We are at the point of just turning it all off and canceling our licensing and moving to another platform entirely it has gotten so frustrating getting the most basic things working for security.

@Tech Logik I am still dealing with it.  Years later.