Microsoft Authenticator Still Prompts Users for MFA after Switching to new MFA option on iPhones

Good Morning All,

Our company recently made the change from Microsoft Authenticator to utilizing Duo through ADFS for our 365 MFA solution. The deployment was a success but we have noticed an issue involving all of our users who have iPhones and issues they run into when trying to sign into any of their Office 365 apps on their phone.

Any user who goes to sign in on their iPhone is being prompted for MFA by the Microsoft Authenticator despite the Authenticator being disabled as an option in our tenant. This seems to be the case on brand new phones as well if both the Authenticator and another 365 product are installed on the phone. The login is usually successful, and the Microsoft Authenticator is seemingly doing nothing but prompting the user to approve the login, but it has caused some issues for certain users by giving them failed logins.

We've found that removing the Authenticator app fixes this but that's not always a solution as some users have more than one account linked to the Microsoft Authenticator. Has anybody else run into this issue before and have you found any solutions to stop the Microsoft Authenticator from prompting users after switching to another MFA solution?

5 Replies
You need to reset the authentication method for each user from the blade of users in AAD.

@eliekarkafy Thank you for the insight! I hate to ask, but do you know if there is possibly a PowerShell script to automate this a bit more rather than going through each user individually? Asking if Microsoft has one published, not asking you to write one for me.

Yes, you can do that via PowerShell using the command below. You just need to read the UPN from a CSV file and add a foreach in your script.

Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName email address removed for privacy reasons

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
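
The CSV-driven loop described in the reply above, as an added example that is not from the thread or from Microsoft. It assumes the MSOnline module (which is deprecated) is installed, that the CSV has a header column named UserPrincipalName, and the file names are hypothetical.

```powershell
# Added example: bulk reset of registered MFA methods for the UPNs in a CSV.
# Assumed CSV layout (constructed sample, hypothetical file names below):
#   UserPrincipalName
#   user1@contoso.example
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$CsvPath = '.\mfa-reset-users.csv',
    [string]$LogPath = '.\mfa-reset-results.csv'
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService   # interactive sign-in with an admin account

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $upn = "$($row.UserPrincipalName)".Trim()
    if (-not $upn) { continue }   # skip blank rows

    $status = 'Skipped'; $detail = ''
    try {
        # Look the account up first so typos in the CSV are reported as failures
        $null = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop
        if ($PSCmdlet.ShouldProcess($upn, 'Reset strong authentication methods')) {
            Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName $upn -ErrorAction Stop
            $status = 'Reset'
        }
    } catch {
        $status = 'Failed'; $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        UserPrincipalName = $upn
        Status            = $status
        Detail            = $detail
        Time              = (Get-Date).ToString('s')
    }
}

# Always write the per-user result log, even in a -WhatIf run
$results | Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false
$results | Group-Object Status | Select-Object Name, Count
```

Running the script with `-WhatIf` first lists the accounts that would be reset without changing them; each affected user has to register their MFA methods again after a real run.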

@C_H_Q 

Yes, I would suggest taking a look at the MFA settings under AAD.

Yes, this is also the case with a small population of our users, and it's caused quite a bit of chatter. I have also tried the suggested remedies mentioned here with some limited success. If a user is a guest in other tenants, that may also complicate matters, or if they have several macOS devices they toggle between. I will review these suggestions again as this issue came up with a complaint again today after a period of calm.