Oct 06 2018
05:53 AM
- last edited on
Jul 24 2020
01:53 AM
by
TechCommunityAP
Oct 06 2018
05:53 AM
- last edited on
Jul 24 2020
01:53 AM
by
TechCommunityAP
We have recently implemented MFA with a conditional access policy. We turned off the ability to receive texts/calls and are forcing the Authenticator app. This is causing issues when users need to re set up the account in the Authenticator app. I have had multiple scenarios this week where the Microsoft Authenticator app has stopped displaying the approve/deny message. The end users try to fix the issue themselves and will remove their accounts from the app and try to reenroll by going to myapps.microsoft.com and restarting the setup process. The problem lies in that even though they are visiting the portal from devices that are excluded from MFA via conditional access (Compliant/Hybrid AD Joined) the myapps.microsoft.com portal is still enforcing MFA to log in. Since they have removed their account from the application they can not authenticate to the portal. There is no alternate method since Phone/Text are disabled.
In order to get the end user back into the portal I have to go to the regular MFA Setup page, enable phone calls or texts, enable and enforce MFA on the end user, and they can finally get in to re-set up the account.
All of this could be fixed with a one time bypass for cloud!
Apr 25 2022 02:41 PM
@Robert Woods I have been using the Authenticator App for some time (shared Microsoft 365 file between another business and myself) and never had any issues until I upgraded from an Iphone 8 to an Iphone 13.
It says its sending me an approval, but nothing ever comes through. A couple of times, it even tells me i've denied access - which of course I'm not seeing any popups so confused for sure on that one. I've even attempted to add the 6 digit code that is under my account and it says its not a valid code.
I've uninstalled, reinstalled, rescanned the QR Code, etc. Nothing seems to be working. I've even been in hte apple store for a few hours and they couldn't figure it out either.
Need advise as this is a file I use on a pretty regular basis for my job.
May 13 2022 07:18 AM
I was able to solve the issue by just disabling iCloud backup inside the app settings and re-enabling it. For me it was not required to remove settings or the whole app to solve it.
Jun 28 2022 12:18 AM - edited Jun 28 2022 12:19 AM
@Robert WoodsWhen you connect an account to Microsoft Authenticator and enable multi-factor authentication, you will be able to sign in to your account via a code that shows up on the Authenticator app. The code changes every time Uk49s the timer exhausts. Because it’s a multi-factor authentication process, some websites will require you to sign in to your account using your password first.
Jun 30 2022 10:25 PM
It Looks Very Good.
Where do I change the priority to higher so that I receive the notification?
I was able to solve the issue by just disabling iCloud backup inside the app settings and re-enabling it. For me, it was not required to remove settings or the whole mobilepondit app to solve it.
Jul 14 2022 02:30 AM - edited Jul 14 2022 02:33 AM
Users can sometimes receive direct ‘Approve’ notifications on their Microsoft Authenticator app while logging in using multi-factor authentication. In such cases, all they have to do is tap on ‘Approve’ and the log-in process will be complete. There’s no need to enter codes. Organizations can enable this process for their employees. While signing in, you’ll see a message that a notification has been sent to your Authenticator app and you’ll have to ‘Approve’ it. But here’s where the issue is showing up Users aren’t getting approve notifications of any kind. So, they are stuck trying to log into the account.
Oct 23 2022 11:41 PM
@Robert Woods i tried all the steps you provided, i was able to log back in to mfa settings to restart the process , however im still stuck in step 2 because im still not getting the approval message to continue.. They tried to revoke my mfa to start all over again but still the same..
Nov 05 2022 12:35 PM
@Robert Woods so I had to change the number to another phone to get the code and then it said that bc I have tried to many times it still wouldn't let me log into my account!! Which has been very aggravating blog crime news bc it's prevented me from not just all my important emails, but also from being able to get into my HP Desktop also!
Dec 03 2022 08:06 PM
@aamiraltaf @Robert Woods I am also having the same issue. Recently got a new iPhone and erased all the data from my old phone. Attempted to log into my work account through Outlook, was prompted to authenticate my login through the Microsoft Authenticator App but no approve/deny message popped up. It’s also preventing me from accessing my account remotely on my work laptop because it’s asking me to authenticate my access through the app but no notification message is popping up.
Jan 10 2023 11:45 PM
Feb 06 2023 05:23 PM - edited Feb 06 2023 05:24 PM
@Robert Woods Honestly, I am living in this nightmare from the last September, when I got a new corporate account and laptop. The Authhenticator in Windows requests to authenticate in the App, which IS NOT EXISTENT!
There are no devices registered in the account to authenticate at, except the only laptop I am using.
I installed the Authenticator App on my Android, added the corp. account manually, so the mobile appeared at myaccount.microsoft.com. But it still does not send me requests to authenticate.
And on every problem it tells: "Don't have an app? Do you want to authenticate the other way? Then authenticate the other way in your Authentocator app"
And no support! Our admin mailed the support dept. 3 times, they said they will contact, and NOTHING! Silence!
If I get my hands on the one who designed it, he will not survive, get my word.
Mar 15 2023 06:53 AM
@Martin_Durec This was my problem and fixed it for me. Thanks so much! It was driving me mad.
Mar 27 2023 11:25 PM
If I remember correctly, I managed to solve this by deregistering the device and registering it back again.
Anyway, really annoying bug
Mar 28 2023 01:58 AM - edited Mar 28 2023 06:05 PM
How can you deregister something NOT REGISTERED?
It requests the Authenticator authentication, when there is THE ONLY laptop in the list, and nothing more!
I tried adding another Android device in the account cabinet manually. The accaunt finally appeared "greyed" on that device in the list of Authenticator accounts. But it still does not receive requests. Neither from the corporate IP, nor when I am connected to the mobile network.
The most awful here is that Microsoft support always promices to contact and does NOTHING.
This nuiscance, MS Authenticator, should be recalled, and the manager behind its release should be terminated.
It is a pure sabotage to any business activity!
Mar 28 2023 06:08 PM
Aug 31 2023 11:34 PM
@Robert Woods I have my notifications for the Authenticator app already turned on. However, it still didn't show the message, and only showed it when I pressed check for notifications and it came up immediately? is there any way to fix this?
Sep 25 2023 05:13 AM
Nov 02 2023 10:50 PM
Nov 27 2023 11:38 AM
Nov 27 2023 02:57 PM
My Authenticator app only works maybe 1 out of every 10 times (yes you read that correctly). I normally just have to send a text as I would say at this point the Authenticator app just DOESN'T WORK AT ALL. Which is very frustrating because it's the first/default option you get for two factor authentication, whereas I would prefer to just get a text because the Authenticator app doesn't work. I do not get approval messages to enter in the numbers rarely ever.
Nov 27 2023 05:24 PM - edited Nov 27 2023 05:33 PM
This will not work, because the problem is not in the app, but in the account server.
The server tries to send an auth request to non-existing devices. And when trying to register a device it does not appear in the list, neither the app gets an active record with options. When trying to delete such device from its app, only then it may finally appear as a disfunctional device in the device list at the server. So the only option is to call it "stolen" and even then, the server will keep asking to authenticate on some non-existing device.
The app/web dialog offers you an option "when authenticator is not available", but it leads again to the authenticator itself in the loop.
And yes, you can not get into the "security info" section, because it requires to authenticate in the app.
Absolutely ridiculous crapware instead of claimed security, creating only troubles.