This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 57.00000000000001%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMU%3C/text%3E%3C/svg%3E)
Hi
I'm investigating issue where one singular user cannot finish SMS verification because of bad reputation.
The only reason i could find in audit logs is: "Phone number has bad reputation, blocking.".
This incident did not trigger Risk detection, user is not marked as risky user.
I can't find any hint of what caused issue or how to remedy it.
Please advice
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 94%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJE%3C/text%3E%3C/svg%3E)
Our tenant is experiencing the same issue, but ALL users are getting the bad reputation response for a Blazor WASM website (SPA).
This is tenant specific also, a second tenant with the same phone numbers does not block. This was implemented by following the SMS sign-in examples on github. The workflow does validate the phone number is valid in the directory first before blocking, it warns of non-existent phone number instead of a reputation message.
These are all US/CA phone numbers, and users log in maybe a couple, three times a day. The exception being me, an admin that is also blocked, who may be in several times daily, depending. This does not seem like the volume expected to produce a bad reputation flag.
User sign-in logs show nothing, only a clientError log entry shows in the B2C audit logs, with no actionable information.
As per a similar topic found at https://learn.microsoft.com/en-us/answers/questions/1090554/azure-b2c-unblock-phone-number.html
Microsoft may limit repeated authentication attempts that are perform by the same user in a short period of time.
A way to prevent this issue is:
However this limitation does not apply to the Microsoft Authenticator or verification code. If your users have hit these limits, they can use the Authenticator App, verification code or try to sign in again in a few minutes.
There is not much you can do to prevent a phone number receiving "bad reputation". It is a matter of Microsoft's system preventing flooding to their services. As stated, you can use the Authenticator App as a workaround.
----------------------------------
If this is helpful please accept answer.
Hi I've seen this answer but it doesn't seem correct.
This is fresh account, there were 12 login attempts in span of 80 minutes.
Of those 12 attempts there were:
0 "Phone verification code is incorrect"
0 "Success"
12 "Bad reputation".
A way to prevent this issue is: (...)
We don't have microsoft authenticator flow in this specific organization and we don't plan to add one, so we need another option to whitelist this specific phone number.
By the way if this means too many requests what is the difference between this and "Verification Method Limit Reached. Throttling."?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Is only one specific user having this issue ? Please help me with the location of the user which country user belongs to ?
Have you verified the issue with other browsers. Please help me with this information so that i can further investigate.
Also, if you have any correlation id & time stamp from the audit logs, please share so that i can review further.
Hi
I don't really know how to DM it to you so CorrelationId for first Bad Reputation: a57d2bbf-2deb-4ee3-9ada-603897e6ef61.
User is from NO - same as 99,9% of users, and is using Chrome browser.
@Mateusz Łucjanek Thank you for the details, let me investigate and revert back.
Help me with the chrome browser version, what happens when the user using edge or firefox does he report the same issue.
NO means - Norway right ? Need timestamp as well for the above correlation id. Also, share my contact details below.
Hi @Mateusz Łucjanek Thank you for sharing the details offline, worked with our engineering team, they have whitelisted the ip ( information found from the audit logs), would request you to re-check with the end user to perform sign up again and verify the same and update me the outcome.
Let me know if you have any further questions, please feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 66%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEZ%3C/text%3E%3C/svg%3E)
Hello, We are getting this error for all users through our Web App, I'm passing the response below, all the solutions we tried did not work, and also no modifications were made to the B2C AD and the application.
{
"status": "400",
"errorCode": "UserMessageIfBadReputation",
"message": "Your Phone number has bad reputation, blocking."
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 3%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKF%3C/text%3E%3C/svg%3E)
Hi Givary,
We are facing the same issue with our client, a few of the numbers (in different regions) have been blocked as bad reputations.
Is there a process to get those numbers whitelisted?