User Sign In logs, show Single-factor authentication for Windows Sign In

HellowWord 5 Reputation points
2024-07-03T04:11:41.0433333+00:00

We have some Azure users showing failures on "Single-factor authentication" every day.

We have disabled all per user MFA, enforced users with conditional access policies.

However, we still see the "Single-factor authentication" failure in some users sign logs.

Authentication requirement :Single-factor authentication

Authentication method : Windows Hello for Business

Sign-in error code : 1400001

Failure reason : Request nonce is not provided.

signlog.jpg

signlog2.jpg

signlog3.jpg

signlog4.jpg

Microsoft 365 and Office | Install, redeem, activate | For business | Windows
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments No comments
{count} vote

3 answers

Sort by: Most helpful
  1. Nikit Patiyawala 0 Reputation points
    2024-07-03T05:47:24.4233333+00:00

    Hi,

    Have you check if user account is getting locked out during that period? Is this particularly from single device or multiple device users tried login? I suspect any configuration issues in user profile causing multiple attempts and giving this errors.


  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

  3. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2024-07-04T09:27:27.9166667+00:00

    @HellowWord Thank you for reaching out to us, As I understand you are investigating on this

    Sign-in error code : 1400001 Failure reason : Request nonce is not provided. & Authentication method : Windows Hello for Business

    This happens/expected when users can provision WHfB (windows hello for business) credentials, but when they attempt to use them to acquire a PRT, sign-in fails.

    Do you have Windows hello configured in the environment? if yes can you help what kind of configuration is deployed in your environment - https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/

    Do you see for all users the above mentioned error code in the sign in logs?

    Let me know if you have any questions, feel free to post back.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.