User reports Microsoft Authenticator prompt 'ROJMP' - Logging does not show any attempts

80463912 0 Reputation points
2023-05-22T08:33:29.9633333+00:00

Hi all,

We recently got a call from a user who said he got a Microsoft Authenticator authentication prompt for something called 'ROJMP'. He did not know what it was for so he declined the prompt and, to be safe, he changed his passwords.

He only uses his work related accounts for Authenticator and confirmed that it was Microsoft Authenticator that sent the prompt. I checked his sign-in attempts (interactive and non-interactive) but nothing is showing up in the timeframe in which the prompt happened.

What could have caused Microsoft Authenticator to send out an authentication prompt? Does someone know what ROJMP means (could it be a Microsoft internal thing)?

Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
325 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
149 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fiona Matu 81 Reputation points Microsoft Employee
    2024-02-24T17:32:08.57+00:00

    Hi,

    The Microsoft Authenticator prompt might have been triggered by a process or service that attempted to authenticate using the user's credentials. The 'ROJMP' doesn't seem to be a known Microsoft term or error code, so it's possible that it was specific to the application or service that initiated the authentication attempt.

    The reason why the attempt didn't show up in the sign-in logs might be because the user declined the prompt so no actual sign-in was performed.

    To investigate this further, you could:

    • Ask the user for more details about what they were doing at the time they received the prompt.
    • Check if there are any applications or services the user has access to that might use this type of authentication.
    • Review the user's device for any unusual applications or processes.
    • Check if other users have experienced similar prompts.

    If you still can't identify the source, consider reaching out to Microsoft Support for assistance.

    0 comments