May 13 2020 - last edited on Jan 14 2022
I received a call today about one user who is experiencing an excessive number of MFA prompts. We have MFA deployed via a conditional access rule.
Looking at the sign-ins report for this user, we have confirmed that the IP I see is his external IP, but there are a lot of failures and interrupted entries.
His MFA setting is to be notified via the phone app.
How do I troubleshoot this? I would typically ask people to reboot, and then I'm not sure if we should go in and just reset the authenticator app and redo the https://aka.ms/mfasetup where we remove the apps that he has set up?
I really have no idea :)
May 13 2020 06:44 AM - edited May 13 2020 06:45 AM
@RippieUK Hello Ronnie, we have a lot of experts on MFA and CA in the community, so I'm just gonna suggest to revoke the sessions until someone gives you a detailed explanation ;) https://docs.microsoft.com/bs-latn-ba/azure/active-directory/authentication/howto-mfa-userdevicesett...
May 15 2020 05:11 AM
Apr 15 2021 09:10 AM
I'm currently facing the same issue with my own account. Interestingly enough, I have no such issues in a VMware virtual machine running on the very same physical machine... Reviewing the sign-in activities of my account on portal.azure.com, I've noticed quite a lot of "interrupted" entries with "Strong Authentication is required." as the failure reason. Any ideas?!?
Apr 15 2021 09:23 AM - edited Apr 15 2021 09:40 AM
Hello, wow this was an old conversation! Any chance you're using legacy authentication protocols not supporting MFA (not using modern authentication) or any other scenario related to not satisfying MFA?
Could this be your error code?
AADSTS50074 UserStrongAuthClientAuthNRequiredInterrupt - Strong authentication is required and the user did not pass the MFA challenge.
Apr 16 2021 03:03 PM
Looks like I finally found kind of a fix for the issue. At first I tried revoking my MFA-sessions and re-registered for MFA, but that didn't have the desired effect - the excessive MFA prompts persisted.
However, in addition to my laptop, I also have a PC registered with my account running in one of our offices. Minor side-note: The (fixed) public IP-address of the office is listed as a trusted IP in Azure AD.
Now it seems like a simple reboot of that machine has fixed the issue which I encountered on my laptop. Sounds kind of weird, but maybe somebody else can shed some light on this?! :D
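The triage step this thread keeps returning to, working out which device, IP or client is producing the interrupted sign-ins, sketched as an added example that is not part of any post above. It assumes the sign-in log has been exported as JSON with field names from the Microsoft Graph signIn resource; the sample records, device names and the `summarize_mfa_interrupts` helper are constructed for illustration.

```python
import json
from collections import Counter

MFA_INTERRUPT_CODES = {50074}  # AADSTS50074, the code quoted in the thread
# Assumption: any other clientAppUsed value is treated as legacy authentication.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

def _rec(upn, code, device, ip, client):
    # Field names follow the Graph signIn resource; every value is constructed.
    return {"userPrincipalName": upn, "status": {"errorCode": code},
            "deviceDetail": {"displayName": device}, "ipAddress": ip,
            "clientAppUsed": client}

DESKTOP = "Mobile Apps and Desktop clients"
SAMPLE_EXPORT = json.dumps([
    _rec("user@example.com", 0, "LAPTOP-01", "198.51.100.7", "Browser"),
    _rec("user@example.com", 50074, "LAPTOP-01", "198.51.100.7", "Browser"),
    _rec("user@example.com", 50074, "OFFICE-PC-01", "203.0.113.10", DESKTOP),
    _rec("user@example.com", 50074, "OFFICE-PC-01", "203.0.113.10", DESKTOP),
    _rec("user@example.com", 50074, "OFFICE-PC-01", "203.0.113.10", DESKTOP),
    _rec("user@example.com", 50074, "", "203.0.113.10", "IMAP4"),
    _rec("other@example.com", 50074, "OTHER-PC", "192.0.2.44", "Browser"),
])

def summarize_mfa_interrupts(export_json, user):
    """Group one user's MFA-interrupted sign-ins by source, busiest first."""
    counts = Counter()
    for rec in json.loads(export_json):
        if rec.get("userPrincipalName", "").lower() != user.lower():
            continue  # another account
        if (rec.get("status") or {}).get("errorCode") not in MFA_INTERRUPT_CODES:
            continue  # success or an unrelated failure
        device = (rec.get("deviceDetail") or {}).get("displayName") or "(no device name)"
        client = rec.get("clientAppUsed") or ""
        counts[(device, rec.get("ipAddress"), client)] += 1
    return [{"device": d, "ip": ip, "client": c, "count": n,
             "legacy_auth": bool(c) and c not in MODERN_CLIENTS}
            for (d, ip, c), n in counts.most_common()]

if __name__ == "__main__":
    for row in summarize_mfa_interrupts(SAMPLE_EXPORT, "user@example.com"):
        print(row)
```

A source that dominates the count but is not the machine the user is sitting at is the one to look at first, and a row with `legacy_auth` set points at a client that cannot complete the MFA challenge.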