A particular directories Azure Portal prompts for MFA but won't accept it

Question

A particular directories Azure Portal prompts for MFA but won't accept it

catmanjan 61

I can't log into Azure Portal for a particular directory. This was working last week.

Before you respond, I only have a single account and one mobile phone with Microsoft Authenticator and nothing has changed in years. I am a developer with a lot of experience and I am not doing anything wrong, there is genuinely something wrong with my account. My account has always been SSO, I am posting from the same account I am using for Azure Portal. I have reset my password, I have reinstalled and re-reigstered Microsoft Authenticator, logged out, tried different browsers.

If I go directly to one directory my account logs in just fine, but if I try to switch directory to this other Azure Portal I get prompted to enter a code (this usually doesn't happen, I am usually asked to type in 2 digits into my phone) no matter which code I enter from Microsoft Authenticator it does not work.

User's image

Sanoop M 1,950 Reputation points Microsoft External Staff

2025-03-13T23:30:21.45+00:00

Hello @catmanjan,

In this scenario, to understand this issue and to further troubleshoot this issue, could you please send us an email on 'azcommunity@microsoft.com' with Sub - "ATTN: sanoopm" and following details in the email body: Link to this thread/post.

We can connect offline and discuss further on this issue.
TP 111.8K Reputation points

2025-03-14T00:00:18.0766667+00:00

Same thing happened to me today. Signed in to Azure directory with MFA enforcement postponed to March 15, 2025, using account that MFA properly set up with Authenticator, and instead of number match it requested code (as in your screenshot).

I went to Authenticator, tapped on that account, and entered One-time password code shown on the screen. I went to the MFA enforcement page and it said it was enforced for all users as of March 13, 2025 (it was supposed to be enforced starting March 15, 2025).

Signed out, back in, and got number match screen on Authenticator as expected.
Raja Pothuraju 18,350 Reputation points Microsoft External Staff

2025-03-14T06:15:39.5566667+00:00

Hello @catmanjan,

Thank you for sharing required details over private message.

I see you are unable to login into your account due to incomplete of MFA.

When I checked on my end, I see there are multiple global administrator user accounts are there in the tenant. As you are not able to login into your work or school account due to incomplete of MFA. In this situation, you need to contact your other Global administrator to reset your MFA registration.

Please share these steps with your admin team to reset your MFA.

To manage user settings, complete the following steps:

1.Sign in to the Microsoft Entra admin center as at least an Authentication Administrator.

2.Browse to Identity > Users > All users.

3.Choose the user you wish to perform an action on and select Authentication methods. At the top of the window, then choose “Require re-register MFA” options for the user.

Then you can login back to Azure Portal and register with new MFA auth method.

Please let me know if you would like to know more details on this issue. We can take this discussion offline.
Sanoop M 1,950 Reputation points Microsoft External Staff

2025-03-17T22:54:12.6066667+00:00

Hello @catmanjan,

I am following up to check whether if you have shared the above steps suggested by @Raja Pothuraju to your Global Admin team to reset MFA for your user account.

Please let us know the results after Global admin performs the above mentioned steps to reset MFA for your user account.

I am looking forward to your response.
catmanjan 61 Reputation points

2025-03-17T22:55:50.3066667+00:00

Yes we ended up resetting MFA in the other directory, I had no idea that if you are in a guest in another directory you could be subject to ANOTHER set of MFA prompts

1 answer

Your answer

Sanoop M 1,950 Reputation points Microsoft External Staff

2025-03-13T23:30:21.45+00:00

Hello @catmanjan,

In this scenario, to understand this issue and to further troubleshoot this issue, could you please send us an email on 'azcommunity@microsoft.com' with Sub - "ATTN: sanoopm" and following details in the email body: Link to this thread/post.

We can connect offline and discuss further on this issue.
TP 111.8K Reputation points

2025-03-14T00:00:18.0766667+00:00

Same thing happened to me today. Signed in to Azure directory with MFA enforcement postponed to March 15, 2025, using account that MFA properly set up with Authenticator, and instead of number match it requested code (as in your screenshot).

I went to Authenticator, tapped on that account, and entered One-time password code shown on the screen. I went to the MFA enforcement page and it said it was enforced for all users as of March 13, 2025 (it was supposed to be enforced starting March 15, 2025).

Signed out, back in, and got number match screen on Authenticator as expected.
Raja Pothuraju 18,350 Reputation points Microsoft External Staff

2025-03-14T06:15:39.5566667+00:00

Hello @catmanjan,

Thank you for sharing required details over private message.

I see you are unable to login into your account due to incomplete of MFA.

When I checked on my end, I see there are multiple global administrator user accounts are there in the tenant. As you are not able to login into your work or school account due to incomplete of MFA. In this situation, you need to contact your other Global administrator to reset your MFA registration.

Please share these steps with your admin team to reset your MFA.

To manage user settings, complete the following steps:

1.Sign in to the Microsoft Entra admin center as at least an Authentication Administrator.

2.Browse to Identity > Users > All users.

3.Choose the user you wish to perform an action on and select Authentication methods. At the top of the window, then choose “Require re-register MFA” options for the user.

Then you can login back to Azure Portal and register with new MFA auth method.

Please let me know if you would like to know more details on this issue. We can take this discussion offline.
Sanoop M 1,950 Reputation points Microsoft External Staff

2025-03-17T22:54:12.6066667+00:00

Hello @catmanjan,

I am following up to check whether if you have shared the above steps suggested by @Raja Pothuraju to your Global Admin team to reset MFA for your user account.

Please let us know the results after Global admin performs the above mentioned steps to reset MFA for your user account.

I am looking forward to your response.
catmanjan 61 Reputation points

2025-03-17T22:55:50.3066667+00:00

Yes we ended up resetting MFA in the other directory, I had no idea that if you are in a guest in another directory you could be subject to ANOTHER set of MFA prompts

Answer 1

Hello @catmanjan,

Thank you for your response.

Yes if the MFA has been enabled for your user account in the tenant where you are trying to switch to, MFA prompt will occur from that tenant as well.

Also if the MFA has been enabled for the guest user in both the Home tenant(tenant where the user is originally created) as well as the Resource tenant(tenant where the user is invited as a guest user) , then that guest user will get two MFA prompts, one from the Home tenant and another one from Resource tenant.

Note

You also can configure cross-tenant access settings to trust the MFA from the Microsoft Entra home tenant. This allows external Microsoft Entra users to use the MFA registered in their own tenant rather than register in the resource tenant.

For more additional information, please refer to the below document for your reference.

Tutorial - multifactor authentication for B2B - Microsoft Entra External ID | Microsoft Learn

Below are the steps to revoke the existing MFA sessions and reset the MFA for the users.

To manage user settings, complete the following steps:

1.Sign in to the Microsoft Entra admin center as at least an Authentication Administrator.

2.Browse to Identity > Users > All users.

3.Select the user you want to revoke the current MFA sessions and reset the MFA and select Authentication methods. At the top of the window, please select “Require re-register multifactor authentication” option for the user. Please refer to the below Screenshot for your reference.

Screenshot of manage authentication methods from the Microsoft Entra admin center. Then you can login back to Azure Portal by registering with the new MFA authentication method.

I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Sanoop M 1,950 Reputation points Microsoft External Staff

2025-03-19T00:38:09.37+00:00

Hello @catmanjan,

I am following up to see if the above suggested answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful.

Please let us know if you have any further queries. We will be happy to answer your queries.
Sanoop M 1,950 Reputation points Microsoft External Staff

2025-03-20T01:09:13.52+00:00

Hello @catmanjan,

Since we didn't receive your response, I am following up to see if the above suggested answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful.

Please let us know if you have any further queries. We will be happy to answer your queries.

Share via

A particular directories Azure Portal prompts for MFA but won't accept it

1 answer

Your answer