The resolution that I have found that currently works is as follows. This is helpful if you do not want to delete the Microsoft Authenticator as you have multiple accounts already added into it.
A Global Admin will first need to do the following through Entra.
- Revoke All Sign-in Sessions
- Require a Re-registration of MFA
- Connect to an Elevated session of PowerShell
- Install or Connect to MSOL Services
  a. Install - https://learn.microsoft.com/en-us/powershell/azure/active-directory/install-msonlinev1?view=azureadps-1.0
  b. Run the following script: Set-MsolUser -UserPrincipalName username@your_tenant.onmicrosoft.com -StrongAuthenticationMethods @()
  *My suggestion is to run this command 3 times consecutively to ensure that it clears out all Strong Auth Methods for the particular user.
- After this the user should be able to add the account successfully through the Microsoft Authenticator.
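
The MSOL steps above as one PowerShell session, as an added example that is not part of the original post: it lists the user's registered strong authentication methods, clears them with the same Set-MsolUser call, and reads them back to confirm the list is empty. The UPN is the post's placeholder, and the helper name Get-StrongAuthMethod is hypothetical.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell session.
# Placeholder UPN taken from the post; replace with the affected user.
$upn = 'username@your_tenant.onmicrosoft.com'

# Install the MSOnline module only if it is not already present.
if (-not (Get-Module -ListAvailable -Name MSOnline)) {
    Install-Module -Name MSOnline -Scope AllUsers
}
Import-Module MSOnline

# Interactive sign-in; use the Global Admin account.
Connect-MsolService

# Hypothetical helper: returns the user's registered strong auth methods
# as an array (empty array when none are registered).
function Get-StrongAuthMethod {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    @($user.StrongAuthenticationMethods | Where-Object { $_ })
}

# Record what is registered before the change, for the ticket or audit trail.
$before = Get-StrongAuthMethod -UserPrincipalName $upn
Write-Output "Methods registered before clearing: $($before.Count)"
$before | Select-Object MethodType, IsDefault | Format-Table -AutoSize

# The command from the post: replace the method list with an empty array.
Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods @()

# Read the value back instead of assuming the change took effect.
$after = Get-StrongAuthMethod -UserPrincipalName $upn
if ($after.Count -eq 0) {
    Write-Output "All strong authentication methods cleared for $upn."
} else {
    Write-Warning "$($after.Count) method(s) still registered for $upn :"
    $after | Select-Object MethodType, IsDefault | Format-Table -AutoSize
}
```

Keeping the "before" output gives a record of which methods were removed from the account and when.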