How to troubleshoot excessive MFA prompts


I received a call today for one user that experiences an excessive amount of MFA prompts. We have MFA deployed via a conditional access rule.

Looking at the sign-ins report for this user, we have confirmed that the IPs I see are his external IP, but there are a lot of failures and interrupted sign-ins.

His MFA setting is to be notified via the phone app.

How do I troubleshoot this? I would typically ask people to reboot, and then I'm not sure if we should go in and just reset the authenticator app and redo the https://aka.ms/mfasetup where we remove the apps that he has set up?

I really have no idea :)

Craig_Bryant_SignIns.png

6 Replies

@RippieUK Hello Ronnie, we have a lot of experts on MFA and CA in the community, so I'm just gonna suggest to revoke the sessions until someone gives you a detailed explanation ;) https://docs.microsoft.com/bs-latn-ba/azure/active-directory/authentication/howto-mfa-userdevicesett...

@ChristianBergstrom Hi there, thank you for that. I have never really thought about giving that a try. Thank you.

Did resetting the user's session solve your issue? If not, do you have any further details? Do these prompts happen randomly or on a specific action? What are your conditions in CA for this user / device? Have you tried exiting the apps that might auth in the background (such as the OneDrive client)?

@Vikram V
I'm currently facing the same issue with my own account. Interestingly enough, I've no such issues in a VMware virtual machine running on the very same physical machine... Reviewing the sign-in activities of my account on portal.azure.com, I've noticed quite a lot of "interrupted" entries with "Strong Authentication is required." as the failure reason. Any ideas?!?

Hello, wow this was an old conversation! Any chance you're using legacy authentication protocols not supporting MFA (not using modern authentication) or any other scenario related to not satisfying MFA?

Could this be your error code?

AADSTS50074 UserStrongAuthClientAuthNRequiredInterrupt - Strong authentication is required and the user did not pass the MFA challenge.

Azure AD authentication & authorization error codes | Microsoft Docs

@ChristianBergstrom

Looks like I finally found kind of a fix for the issue. At first I tried revoking my MFA-sessions and re-registered for MFA, but that didn't have the desired effect - the excessive MFA prompts persisted.
However, in addition to my laptop, I also have a PC registered with my account running in one of our offices. Minor side-note: The (fixed) public IP-address of the office is listed as a trusted IP in Azure AD.
Now it seems like a simple reboot of that machine has fixed the issue which I encountered on my laptop. Sounds kind of weird, but maybe somebody else can shed some light on this?! :D
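
The questions raised in this thread (which device or background client is producing the "interrupted" entries, and whether legacy authentication is involved) can be answered from an export of the sign-in log. The following is an added example, not part of any post: it groups AADSTS50074 entries by device, client app and IP. Field names follow the Microsoft Graph signIn resource; the records, device names and IP addresses are constructed.

```python
from collections import Counter

MFA_REQUIRED = 50074  # AADSTS50074, the error code quoted in the thread
# clientAppUsed values that indicate legacy (non-modern) authentication
LEGACY_CLIENTS = {"Exchange ActiveSync", "IMAP4", "POP3",
                  "Authenticated SMTP", "Other clients"}

def _rec(ts, ip, client, device, code):
    """Build one constructed record shaped like a Graph signIn object."""
    return {"createdDateTime": ts, "ipAddress": ip, "clientAppUsed": client,
            "deviceDetail": {"displayName": device},
            "status": {"errorCode": code}}

# Constructed sample data (hypothetical devices, documentation-range IPs).
SAMPLE_SIGNINS = [
    _rec("2021-04-12T08:01:10Z", "198.51.100.7",
         "Mobile Apps and Desktop clients", "OFFICE-PC", 50074),
    _rec("2021-04-12T08:06:10Z", "198.51.100.7",
         "Mobile Apps and Desktop clients", "OFFICE-PC", 50074),
    _rec("2021-04-12T08:11:10Z", "198.51.100.7",
         "Mobile Apps and Desktop clients", "OFFICE-PC", 50074),
    _rec("2021-04-12T08:12:00Z", "203.0.113.10", "Browser", "LAPTOP-01", 0),
    _rec("2021-04-12T08:15:00Z", "203.0.113.10", "IMAP4", "", 50074),
    _rec("2021-04-12T09:00:00Z", "203.0.113.10", "Browser", "LAPTOP-01", 50074),
]

def prompt_sources(signins, error_code=MFA_REQUIRED):
    """Count sign-ins with error_code per (device, client app, IP), busiest first."""
    counts = Counter()
    for s in signins:
        if (s.get("status") or {}).get("errorCode") != error_code:
            continue
        device = (s.get("deviceDetail") or {}).get("displayName") or "(unknown device)"
        client = s.get("clientAppUsed") or "(unknown client)"
        counts[(device, client, s.get("ipAddress"))] += 1
    return counts.most_common()

def legacy_auth_signins(signins):
    """Return sign-ins made with a legacy protocol, which cannot satisfy MFA."""
    return [s for s in signins if s.get("clientAppUsed") in LEGACY_CLIENTS]

if __name__ == "__main__":
    for (device, client, ip), n in prompt_sources(SAMPLE_SIGNINS):
        print(f"{n:3d}  {device:18s} {client:34s} {ip}")
    for s in legacy_auth_signins(SAMPLE_SIGNINS):
        print("legacy auth:", s["createdDateTime"], s["clientAppUsed"], s["ipAddress"])
```

A device or client that dominates the first list while the user is working elsewhere is the one to sign out, update or reboot before resetting the user's MFA registration.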