Troubleshooting MFA Microsoft Authenticator issue

Jason Steeprow 25 Reputation points
2023-10-02T20:13:29.03+00:00

Our user prefers Microsoft Authenticator to make a call instead of sending text messages for authentication, but after confirming authentication at the first prompt, the app redirects her to a download page, preventing her from fully authenticating and accessing her M365 apps. Is there a missing setting in Intune/Entra that we need to adjust? Thank you. -J

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,626 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,458 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,801 questions
0 comments No comments
{count} vote

Accepted answer
  1. Sandeep G-MSFT 14,916 Reputation points Microsoft Employee
    2023-10-03T08:25:01.09+00:00

    @Jason Steeprow

    Thank you for posting your question in Microsoft Q&A.

    In Microsoft Entra portal there is a feature known as “Registration campaign”. If this feature is enabled, you can nudge users to set up Microsoft Authenticator during sign-in. Users go through their regular sign-in, perform multifactor authentication as usual, and then get prompted to set up Microsoft Authenticator.

    You can also refer to below article,

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaign

    Looks like this setting is turned ON in your tenant. To check this setting follow below steps,

    • Login to Entra.microsoft.com with global admin credentials.
    • Expand option “protection” and then click on “Authentication methods”.
    • Click on “registration campaign”.
    • Check if the setting is enabled or disabled.

    User's image

     

    • If this is set to enabled, you can set this to disabled.
    • Post that you can click on “Policies” on the left pane.
    • You will see all the MFA policies.
    • You can click on “voice call” policy and enable the same.
    • Also, you can disable “SMS” policy since you want to use phone call as MFA instead of SMS.

     This will help you in fixing the issue that you are facing.

    Let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful