Share via

B2C Identity Framework Email OTP MFA Issue

Britt Tucker 20 Reputation points
2026-02-13T16:38:55.33+00:00

Currently, we are experiencing issues with a subset of users not receiving Verification emails from B2C regarding multifactor authentication. This behavior is not consistent amongst users, applications, or timeframes. This behavior was first reported on 01/20/26. Multiple users have experienced these verification issues, and there is no discernable pattern.

 

In one example, a user did not receive their verification email until the early morning hours and only after multiple hours had passed, far exceeding the expiration time of the verification code. In most instances, users have reported not receiving any indication of an email. We do have an email list, but I wont post it here.

 

From our research, we have verified from our logs that these verification emails have been sent via the B2C tenant. We have also verified through our support team that the users experiencing these issues have not been blocking or diverting their messages to alternative folders such as Spam/Junk.

 

Likewise, because of these problems we have implemented a process to manually set the LastMfaTime values via azure API to ensure that these users can successfully access our applications.

 

DATA FLOW: 

                              

  1. User attempts to log in and are prompted to verify their account

User clicks the "Send verification code" implemented by our Custom Policy

Users should receive a verification email within a short period of time

However, users are not receiving emails, or are receiving these emails hours later

User contacts our organization's support desk to report the issues

Azure Cloud Services
Azure Cloud Services

An Azure platform as a service offer that is used to deploy web and cloud applications.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. VEMULA SRISAI 13,025 Reputation points Microsoft External Staff Moderator
    2026-02-13T17:17:40.65+00:00

    Hello Britt Tucker,

    Thank you for providing a detailed description of the issue —that helps a lot.

    From what you’ve described, the behavior aligns with known cases where Azure AD B2C successfully sends the OTP email, but the message is delayed or filtered downstream at the recipient’s email provider. In similar situations, Microsoft’s audit logs showed the email was sent on time, but the receiving mail servers either greylisted, deferred, or silently filtered these verification emails, causing delays of several hours or preventing delivery entirely

    There have also been instances where Azure’s outbound mail pipeline experiences temporary slowdowns, causing OTP emails to “dribble in” long after the user requested them.

    Was this answer helpful?

  2. Q&A Assist
    2026-02-13T16:39:08.7466667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The issue you are experiencing with users not receiving verification emails for multifactor authentication (MFA) in Azure AD B2C can be challenging to diagnose, especially when the behavior is inconsistent. Here are some potential areas to investigate:

    1. Email Delivery Issues: Since you have confirmed that the emails are being sent from the B2C tenant, consider checking if there are any issues with email delivery to the users' email providers. Sometimes, emails can be delayed or filtered out by the recipient's email server.
    2. Email Configuration: Ensure that your email configuration in Azure AD B2C is set up correctly. This includes verifying the sender email address and ensuring that it is not flagged as spam by email providers.
    3. Rate Limiting: If multiple users are attempting to receive verification codes simultaneously, there might be rate limiting in place that could delay email delivery. Monitor the logs to see if there are any patterns regarding the timing of requests.
    4. Custom Policies: Since you are using a custom policy, ensure that the policy is correctly configured to handle email sending. Review the policy for any potential misconfigurations that could affect the email sending process.
    5. User Feedback: Continue to gather feedback from users experiencing issues. If possible, ask them to check their email settings and any filters that may be affecting email delivery.
    6. Support from Microsoft: If the issue persists, consider reaching out to Microsoft support for further assistance. They may be able to provide insights based on their monitoring tools and logs.

    Implementing a manual process to set LastMfaTime values is a temporary workaround, but addressing the root cause of the email delivery issue is essential for a long-term solution.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.