This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 36%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
We've started piloting a small group at our organization with number matching MFA, as Microsoft will enforce number matching in May 2023. We are NOT using conditional access, but are currently on per-user MFA.
Some iOS users have reported issues when they need to reauthenticate the Outlook app on their iPhones with Microsoft Authenticator installed. They are redirected from Outlook to Microsoft Authenticator to enter a password, and before the user is presented with a two-digit code, the notification prompts show up, completely covering the two-digit code needed for number matching.
User-submitted image - The two-digit code is hidden behind the prompt.
There is no option to temporarily hide the notification prompt or peek behind the notification. Maybe the app/geolocation displayed is causing the issue, but we would like to keep them displayed. You will be able to see the two-digit code once you select 'No, it's not me', but obviously the code is now invalid, and generating a new two-digit code will push new notification prompt to block the newly generated number.
The current workaround is to select "No it's not me", then hit "Get Codes", copy one-time passcode, "I can't use my Microsoft Authenticator app right now", then select OTP, then paste the code, but the workaround is not practical for average users. Good thing Outlook for iOS is logged in persistently but we expect to get more calls with the upcoming number matching deadline in May.
Has anyone experienced a number matching issue on Microsoft Authenticator with iOS? Just wait for MS to update the app?
A cloud-based identity and access management service for securing user authentication and resource access
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 52%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPC%3C/text%3E%3C/svg%3E)
We have seen this happen to a few users who have iPhones, so it is an issue. No problems with Android users. Has there been any progress on a fix?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 28.000000000000004%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBF%3C/text%3E%3C/svg%3E)
Just bottom justify the prompt and make it smaller or some similar simple fix. no need to overcomplicate it.
The users should be able to switch apps on the Iphone. Thats what I do when I see this and then switch back to the auth prompt to enter the numbers.
Unfortunately, that would not help, as the two-digit code populates within the Microsoft Authenticator app that generates the notification prompt, not within the Outlook app. Switching an app or previews in app switcher does not hide/dismiss the notification prompt.
When the Outlook app AND MS Authenticator are installed on the same iPhone, Outlook will redirect the user to Open MS Authenticator to enter the AAD password and populates a two-digit code within MS Authenticator, not within the Outlook app.
This is what you would see in the Outlook app when you are trying to sign in:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 18%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
How is this helpful when the number and the input box are both being displayed by the Authenticator app. Did Microsoft not test this on IOS?
I would be curious if this works better for you:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 53%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Without jumping through all the hoops to enable this, the actual sign-in dialog in the doc looks the same as the full Authenticator dialog, so I would suspect the issue is still a problem.
Update... The issue is still a problem 2+ months later. One workaround is that the dialog with the digits flies in from the right, so if you pay attention you can catch it after cancelling one time, but this is NOT something you can send out to 'train' folks on how to use it. The fact that the IOS 'Waiting' spinning dialog covers the exact digits is really a hoot (not!).
Yes… This is a real problem because I just had it. You can’t switch between the apps, because authenticator is actually showing both parts. There is an option to hide the code entry dialogue, which says it will hide it for 15 seconds, but iOS puts a timer or ‘waiting’ dialogue in front of the codes. I had to select the I can’t use authenticator right now dialog and get a text code.
Unfortunately, I haven't seen that or heard of any issues like that :(
We've had number matching enabled since it was first in preview and I haven't seen this, sorry.
With passwordless auth and number matching, it works really well for us. That may be the only difference, you are using passwords.