This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 96%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZA%3C/text%3E%3C/svg%3E)
I have users that are being FORCED to setup the MS Authenticator app to sign into cloud apps in a browser.
This is Microsoft's example screen and next to it is what my users are seeing. The Not now button is missing.
I do NOT have security defaults enabled.
I do NOT have conditional access policies enabled.
I can't force users to use a smartphone app if I don't pay for them to have a smart phone.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 10%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
This just started creeping up in our organization over the past few days, causing confusion.
Agree with your statement, "I can't force users to use a smartphone app if I don't pay for them to have a smart phone."
We have a few, more than a few, non-tech individuals.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 66%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
You know what's worse? when I signed up to comment here, I'm FORCED to tick allow Microsoft to send offers, deals, etc else I can't proceed.
And Authenticator FORCED me to install EDGE else I can't view on smartphone. Upon installing EDGE the connection is CUT without any mention of Authenticator and loops me again to install EDGE as FORCED.
Biggest joke is... after logging in using AUTHENTICATOR Android, on my laptop it prompts me to force fed install AUTHENTICATOR again. Duh if I can login my EMAIL OTP via Authenticator means I already have it, why FORCEFED me with another AUTHENTICATOR part 2!!??!??!
Whoever created this should be shot. Worst irritating forceful app forcing companies to use it.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 84%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Microsoft is the worst ever company that is against open-source and freedom. No matter how much they contribute to open source deep inside they are against it. I just needed to log into my outlook mail. It forced me to download MS Authenticator app. Is there a reason why other Authenticator apps are not possible to be used in this case? Other tech companies allow other authenticator apps without any problems.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Microsoft has a policy inheritance rule for things they want to turn on for "marketing" and "customer adoption" of their lesser known software. In this case, it's authenticator. Conversely, I'm sure there are some large enterprises seeking to have a unified authenticator app for business use, hence the justification. The issue is that within each container/organization, Microsoft has tied the default setting to a "Microsoft managed" policy inheritance rule, see https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-default-enablement at the top in Purple, where MSFT turned this on in June of 2023, well started to roll it out. I've not been able to locate a full list of settings that default to policy inheritance from "Microsoft managed", it looks like it's only used in this marketing/user adoption push for the Microsoft Authenticator app. There are those of us who've been around since Group Policy and RSOP was a death sentence if you were doing it on paper, that's what this feels like. In this case there needs to be a clear list of RSOP based on Microsoft Managed, but alas I don't see a list of settings controlled via "Microsoft Managed" In any case, turn off Microsoft Managed (aka Microsoft marketing) and set to disable if you don't need the setting/feature enabled, but the trick is the setting is in "entra ID" management UI, not the default admin user management section. In entra id --> Identity --> Protection --> Authentication Methods, then review Policies, Registration Campaign, and Settings, make sure Microsoft Authenticator is turned off or disabled in all three (facepalm).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 40%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
I am furious that I am being forced to use authenticator in order to sync my notebooks. I am a business owner and make all of my own decisions. I am a paying customer who should be able to choose whether I want extra security. I can't figure out how to disable authenticator. When I have time to deal with this, I'm quitting Microsoft and using only when absolutely necessary!
Hello Zack,
Please go to Entra > Protection > Authentication methods > Registration campaign
Check whether Microsoft Authenticator is applied for All users. If so, you can change who it is applied to by clicking All users.
If this is helpful please accept answer.
That's right where it was!
Thanks so much for the quick reply. I've set it to just myself for now and might use it at a later date to roll it out.
Awesome! Have a great day!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 93%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
I have a Similar Issue that users are being forced to Download the Microsoft Authenticator App even though we have text message for authentication purpose. Here are the screenshots of the Setting from my end: ScreenShot2.PNGScreenShot1.PNG
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 84%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
So how do we select no users? Because trust me, nobody wants to use your auth app, especially when its forced on us by default seemingly out of the blue. I suppose I could just select one throw away account but looks like "nobody" isnt an option. Clearing all users and attempting to save results in an error. TIA
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Why is this greyed out and I can't change it? I have full admin rights.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 27%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
I disabled it and it seems to have worked so far.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 44%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Thanks a lot for this, it made one less frustrated Office user at our office :) It's curious that it seems impossible to disable enforcing of the app for all users, or that at least one user has to be forcibly enrolled in the Authenticator app. Thankfully we have users that use the app already, so I could set it to one of them.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 16%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
What the heck (I'll be nice here) is Entra? Never heard of it, but I see that there is a "Microsoft Entra admin center". It took me a while to find that out, but once I did....I was able to drill into Protection>> Authentication Methods >> Registration Campaign and then *disable the entire Registration Campaign by changing the State = Disabled.
This is another one of MS stupid ideas just to control the market and make more $$$
Please stop making changes that FORCE people to do things like this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 46%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
My sidebar menu looks completely different, there's no submenu called "Protection". I found it on the overview page under feature highlights > authentication methods.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 97%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHR%3C/text%3E%3C/svg%3E)
Thank you that was right there to change the settings.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 47%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZJ%3C/text%3E%3C/svg%3E)
The menu that Dillon Silzer mentioned was the correct location. But rather than changing the Included Users and Groups, what you can do/what I did was simply turn the State to Disabled (under settings, above the Included Users and Groups section. Still within the Registration Campaign tab.) Just a heads up to anyone running into this!
We did not have security defaults enabled, but had MFA enabled (and for some users, enforced) manually for specific users already. They already had MFA setup via text/phone call, yet were FORCED to setup with the Authenticator app until I disabled this. Just to further elaborate.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 27%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
+1, it is possible to disable this completely to avoid users having other 2nd Factor like SMS from getting prompt as mentioned here : https://learn.microsoft.com/en-us/answers/questions/1307030/changes-to-the-registration-campaign-feature-in-az
Sign in to the Microsoft Entra admin center as Authentication Policy Administrator or Global Administrator.
Browse to Protection > Authentication methods > Registration campaign and click Edit.
If we set to Disabled the Protection > Authentication methods > Registration campaign, will SMS continue to work after 20 octobre ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 83%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
Except, now as a global admin, you can't even get to protection unless YOU YOURSELF have MS AUTHENTICATOR. There really is no way around it. I spent 7 hours yesterday working in my own personal tenancy and several customer tenant portals. This is a disaster. It doesn't help that they are constantly moving things in the admin portal.
I any case setting the STATE to DISABLED simply leaves the user accounts in the same state (requiring MFA even though modern and 2FA are both disabled on the tenant) but with NO auth method. The catch 22 is that now one can't be added with out re-enabling the policy, but no matter what method you setup as the default, MS authenticator takes precedent.
App passwords are broken - can't even be added anymore and it appears that whatever they have done to override the admin portal Modern/2FA/Per User security settings has made a mess everywhere and broken other settings in many other places.
Add to that the number of users who using any MS connected resource anywhere can accidentally end up with a "live" account associated to their work/school email, the insanity of OneDrive being almost impossible to block even in locked down AD environments, KiosK Mode in W11 lacking single APP and basically being impossible to lock down for no browser, etc. We won't even touch on the absurdity of trying to make a Windows machine actually even remotely HIPAA compliant. The forced Authenticator nonsense is basically the last straw for me.
I was a Microsoft Partner for decades. I am no longer and relish moving anything and everything that I can away from their platforms. I personally moved to a Mac ~5 years ago and will likely never own another Microsoft Desktop Operating system.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 4%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
This did not work. I am getting angry.
THANKS for this solution, I've been at my wits end for almost 2.5 weeks now, dealing with this MS authenticator 'enforcement' campagin by Microsoft.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 26%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECE%3C/text%3E%3C/svg%3E)
Not a great solution, if you have to log into use it, and can't log in. I also hate that Microsoft forces you to use their proprietary authenticator app, even if you disable it as one of the multi-Factor methods. There appears to be no alternative.
Microsoft sucks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 42%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKJ%3C/text%3E%3C/svg%3E)
Hey all - OK, this fixed this for me today (01SE23). I did NOT have MFA/2FA enabled nor was Authenticator selected. So, like others here I have been DUMBFOUNDED by the FORCE on setting up Authenticator. So I found this setting which defaults to "Microsoft managed" for the System-preferred MFA. When I changed this to disabled, there is now a "Not now" option on the screen that would normally only give you the option to go to enable Authenticator. So you need to go to the Azure portal (here: https://portal.azure.com/) and then go to active directory. But from there follow the path at the top of this screen shot to find the spot to change the setting.
NOTE TO THOSE FINDING THIS, REMEMBER THIS COULD CHANGE AT ANY TIME - thanks Microsoft - sigh
I sincerely this helps someone as it is truly ANNOYING.
EDIT: Also, if you've already got users that want to get rid of Authenticator, you then need to go to the regular user portal where methods are selected and delete Authenticator from the list...
Keith
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 33%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
@Keith Jasinski That helped heaps.
I also needed to remove the "Registration Campaign > Authentication method > Microsoft Authenticator" by restricting it down to 1 user (inactive).
P.s. Microsoft you @#$%^ of *&^%$ *&%##%. - Sigh
@DefenestrateIT Good to know. I ended up doing that as well to prevent future changes. You could also have changed the state from Microsoft Managed to Not Now.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 33%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Thats not a solution. SMS is enabled there and users should be able to chose if both mehtods are enabled for all users. But its not. Suddenly all SMS users cannot login anymore because MS is forcing Atuhenticator.
How do i restore the old functionality where both is setup for allusers so that the user can choose?
This did not work. I am getting angry.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 14.000000000000002%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
As an admin on our account we've used 2fa for years but not forcing the Microsoft authentication app. Now I am unable to login without using it. We as a company do not use that application at all and am looking for a way to continue using the secure method we have setup for our users.
Does anyone have any advice on getting past this?
This is what is available for an Admin account.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 30%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
Hi All,
After lots of digging and panic attacks, I found the answer to stop force enrollment of MS Authenticator app. The answer worked for me as I had an agent that was stuck in the "Use MS Authenticator app" loop and was unable to sign into anything Microsoft related.
Update: Found the page here: Azure AD > Security > Authentication Methods
(I'm not with Microsoft. I am an independent contractor)
The directions for this don't seem to fit the new design for Azure AD.
Agree with Ken. I couldn't figure out how to match that up as that response was from 2018. Still haven't got it figured out yet...
Particularly irksome as it is MY email account that is being affected currently... don't piss off the admins Mr Microsoft...
Azure AD > Security > Authentication Methods <--- This is the way!
I just tested it and found the page that allows for SMS and Email verification methods. I agree that Microsoft keeps updating their site and changing the locations of everything. When I made the change (THIS PATH NO LONGER EXISTS), I found it under: Azure AD > Users > User Settings > MFA configuration
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 41%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
So this made me pretty angry. It's the end of the day and I have mission critical emails to deal with and suddenly I'm locked out of my account because of this forced use of the authenticator app.
I already had the app installed on my phone but with a different account. It took me about ten minutes to figure that out then another ten minutes to locate my password and login with my current account. It then took another ten minutes or so to figure out how to get the app to work. It kept telling me to contact my administrator which is me. I know other employees would never figure this out and would probably give up and go watch TV and then tell me after a couple days.
Finally after 30 wasted minutes I can access my email and start searching online for a way to disable this which led me here. So the above technique does work but it took additional time to figure it out.
Now I need to go in and ensure that two factor authentication is disabled across the board for all employees.
This is not the first time I've had to deal with this type of nonsense. I've used Google G Suite in the past and while not nearly as sophisticated it just works and saves me time.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 44%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
I concur. This is certainly one of the more stupid things Microsoft has done. Aside from changing the layout of the portal page every 14 seconds. Now I can't even log in to find out what has changed since yesterday evening because I am forced to use the authenticator app. I am an MSP and I do NOT want to have that many clients tied to my cell phone. To make matters worse, I already have 2fa enabled. I had to put my code in to sign in, then I am forced to set up the app. Lick it Microsoft.
But here is the real kicker for this issue. Forcing the authenticator app doesn't in fact even add hardly any more protection. I have plenty of customers get hacked through that. So you are creating an unnecessary amount of stupid work for us admins.
I am in the same situation as you. I am the admin, who do I call since Microsoft wasn't responding? The steps in the link I posted was a little outdated but was able to muddle through enough to make it finally work and re-enable SMS and email as the primary method for delivering a verification code to my agents. Unfortunately, the issue caused a wave of issues and I wasn't able to post more than the link. Microsoft has been pulling the ol' "bait and switch" a lot lately.
Agreed. I am also the admin and was trying to log in, needed a text message and now trying to force me to use authenticator! WTF. No time to deal with this right now. MFA isn't even on! As others have said, I have users who I don't issue phones to so not realistic to tell them they have to load authenticator!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 24%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)
I Concur!! This is BS! What a PITA!!