How to troubleshoot excessive MFA prompts


I received a call today for one user that experiences an excessive amount of MFA prompts. We have MFA deployed via a conditional access rule.

Looking at the sign-ins report for this user, we have confirmed the IPs that I see are his external IP, but there are a lot of failures and interrupted.

His MFA setting is to be notified via the phone app.

How do I troubleshoot this? I would typically ask people to reboot, and then I'm not sure if we should go in and just reset the authenticator app and redo the https://aka.ms/mfasetup where we remove the apps that he has set up?

I really have no idea :)

3 Replies

@RippieUK Hello Ronnie, we have a lot of experts on MFA and CA in the community, so I'm just gonna suggest to revoke the sessions until someone gives you a detailed explanation ;) https://docs.microsoft.com/bs-latn-ba/azure/active-directory/authentication/howto-mfa-userdevicesett...

@bec064 Hi there, thank you for that. I have never really thought about giving that a try. Thank you.

Did resetting the user's session solve your issue? If not, do you have any further details? Do these prompts happen randomly or on a specific action? What are your conditions in CA for this user / device? Have you tried exiting the apps that might auth in the background (such as the OneDrive client)?
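
One way to answer the question in the last reply, whether the prompts come from one specific app authenticating in the background, is to group the user's sign-in records by application and result. This is an added example, not part of the original thread: the field names follow the Microsoft Graph `signIn` resource, while the sample records, the function names and the threshold are assumptions constructed here.

```python
import json
from collections import Counter


def load_signins(path):
    """Load sign-in records from a JSON export (assumed: a list, or a Graph-style {"value": [...]})."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return data.get("value", []) if isinstance(data, dict) else data


def summarize(records):
    """Count sign-ins per (application, client type, error code)."""
    counts = Counter()
    for rec in records:
        status = rec.get("status") or {}
        key = (
            rec.get("appDisplayName") or "unknown",
            rec.get("clientAppUsed") or "unknown",
            status.get("errorCode", 0),  # 0 means the sign-in succeeded
        )
        counts[key] += 1
    return counts


def noisy_sources(records, threshold=3):
    """Return (app, client, errorCode, count) for non-success results seen at least `threshold` times."""
    rows = [(a, c, e, n) for (a, c, e), n in summarize(records).items()
            if e != 0 and n >= threshold]
    return sorted(rows, key=lambda row: -row[3])


def _rec(app, client, code, ip="203.0.113.10"):
    # Constructed sample record; the IP is from a documentation range.
    return {"appDisplayName": app, "clientAppUsed": client,
            "ipAddress": ip, "status": {"errorCode": code}}


# Constructed sample: one desktop client retrying repeatedly, one occasionally, one succeeding.
SAMPLE = (
    [_rec("OneDrive", "Mobile Apps and Desktop clients", 50074)] * 4
    + [_rec("Teams", "Mobile Apps and Desktop clients", 50074)] * 2
    + [_rec("Outlook", "Browser", 0)]
)

if __name__ == "__main__":
    for app, client, code, count in noisy_sources(SAMPLE):
        print(f"{count:3d}  {app}  [{client}]  errorCode={code}")
```

If one application accounts for most of the non-success entries, closing that client and checking whether the prompts stop is a cheaper first step than resetting the user's MFA registration.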