Microsoft Authenticator Still Prompts Users for MFA after Switching to new MFA option on IPhones

Copper Contributor

Good Morning All,


Our company recently made the change from Microsoft Authenticator to utilizing Duo through ADFS for our 365 MFA solution. The deployment was a success but we have noticed an issue involving all of our users who have iPhones and issues they run into when trying to sign into any of their Office 365 apps on their phone.


Any user who goes to sign in on their iPhone is being prompted for MFA by the Microsoft Authenticator despite the Authenticator being disabled as an option in our tenant. This seems to be the case on brand new phones as well if both the authenticator and another 365 product are installed on the phone. The login is usually successful and the Microsoft Authenticator is seemingly doing nothing but just prompting the user to approve the login but it has caused some issues for certain users by giving them failed logins.


We've found that removing the Authenticator app fixes this but that's not always a solution as some users have more than one account linked to the Microsoft Authenticator. Has anybody else run into this issue before and have you found any solutions to stop the Microsoft Authenticator from prompting users after switching to another MFA solution?

5 Replies
you need to reset the authentication method for each user from the blade of users in AAD

@eliekarkafy Thank you for the insight! I hate to ask but do you know if there is possibly a powershell script to automate this a bit more rather than going through each user individually? Asking if Microsoft has one published, not asking you to write one for me.

yes you can do that via PowerShell using the below command. you just need to read the UPN from a csv file and add for each in your script

Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName email address removed for privacy reasons

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.


Yes, would suggest to take look MFA setting under AAD

Yes, this is also the case with a small population of our users, and it's caused quite a bit of chatter. I have also tried the suggested remedies mentioned here with some limited success. If a user is a guest in other tenants, that may also complicate matters or have several MACOS devices they toggle between. I will review these suggestions again as this issue came up with a complaint again today after a period of calm.