B2C Blocks user because of "bad reputation"

asked 2023-01-04T14:57:58.427+00:00
Mateusz Łucjanek 1 Reputation point

I'm investigating issue where one singular user cannot finish SMS verification because of bad reputation.
The only reason i could find in audit logs is: "Phone number has bad reputation, blocking.".

This incident did not trigger Risk detection, user is not marked as risky user.
I can't find any hint of what caused issue or how to remedy it.

Please advice

Azure Active Directory External Identities
No comments
{count} votes

3 answers

Sort by: Most helpful
  1. answered 2023-01-04T16:18:21.19+00:00
    Dillon Silzer 33,171 Reputation points

    Hi @Mateusz Łucjanek

    As per a similar topic found at https://learn.microsoft.com/en-us/answers/questions/1090554/azure-b2c-unblock-phone-number.html

    Microsoft may limit repeated authentication attempts that are perform by the same user in a short period of time.

    A way to prevent this issue is:

    However this limitation does not apply to the Microsoft Authenticator or verification code. If your users have hit these limits, they can use the Authenticator App, verification code or try to sign in again in a few minutes.

    There is not much you can do to prevent a phone number receiving "bad reputation". It is a matter of Microsoft's system preventing flooding to their services. As stated, you can use the Authenticator App as a workaround.


    If this is helpful please accept answer.

    No comments

  2. answered 2023-01-05T07:59:27.487+00:00
    Mateusz Łucjanek 1 Reputation point

    Hi I've seen this answer but it doesn't seem correct.

    This is fresh account, there were 12 login attempts in span of 80 minutes.

    Of those 12 attempts there were:
    0 "Phone verification code is incorrect"
    0 "Success"
    12 "Bad reputation".

    A way to prevent this issue is: (...)

    We don't have microsoft authenticator flow in this specific organization and we don't plan to add one, so we need another option to whitelist this specific phone number.

    By the way if this means too many requests what is the difference between this and "Verification Method Limit Reached. Throttling."?

    No comments

  3. answered 2023-01-05T08:26:28.693+00:00
    Givary-MSFT 11,336 Reputation points Microsoft Employee

    Hi @Mateusz Łucjanek

    Is only one specific user having this issue ? Please help me with the location of the user which country user belongs to ?

    Have you verified the issue with other browsers. Please help me with this information so that i can further investigate.

    Also, if you have any correlation id & time stamp from the audit logs, please share so that i can review further.