Troubleshooting MFA Microsoft Authenticator issue

Question

Our user prefers Microsoft Authenticator to make a call instead of sending text messages for authentication, but after confirming authentication at the first prompt, the app redirects her to a download page, preventing her from fully authenticating and accessing her M365 apps. Is there a missing setting in Intune/Entra that we need to adjust? Thank you. -J

Answer 1

@Jason Steeprow

Thank you for posting your question in Microsoft Q&A.

In Microsoft Entra portal there is a feature known as “Registration campaign”. If this feature is enabled, you can nudge users to set up Microsoft Authenticator during sign-in. Users go through their regular sign-in, perform multifactor authentication as usual, and then get prompted to set up Microsoft Authenticator.

You can also refer to below article,

https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaign

Looks like this setting is turned ON in your tenant. To check this setting follow below steps,

• Login to Entra.microsoft.com with global admin credentials.
• Expand option “protection” and then click on “Authentication methods”.
• Click on “registration campaign”.
• Check if the setting is enabled or disabled.

 

• If this is set to enabled, you can set this to disabled.
• Post that you can click on “Policies” on the left pane.
• You will see all the MFA policies.
• You can click on “voice call” policy and enable the same.
• Also, you can disable “SMS” policy since you want to use phone call as MFA instead of SMS.

 This will help you in fixing the issue that you are facing.

Let me know if you have any further questions on this.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.