Share via

Sign in to Azure Portal requires to setup Authenticator app, but it is already setup

kine-8660 36 Reputation points
2025-05-21T08:23:05.3666667+00:00

I have a big problem with signing in to Azure Portal. The process goes as follows (tried in Edge, in-private window):

  1. I enter my email address in the sign in page (portal.azure.com)
  2. Dialog "Get a code to sign in" appears, I press the "Send notification" button
  3. Dialog "Check your Authenticator app" appears and the code to select is shown.
  4. I open the Microsoft Authenticator app and select the correct code
  5. Dialog "Stay signed in?" is shown , I select Yes
  6. Dialog "Verify your identity" with options text/call appears. I select "text" and it sends me a text message.
  7. I enter the code received as SMS
  8. Now there is a dialog "Protect your account" "For a faster and safer way to sign in, your organization requires you to use Microsoft Authenticator."
  9. I have already setup Authenticator app and added my account there. Trying to add account to Authenticator app again fails always (it does not accept the QR code).
  10. So my primary Azure account is blocked, I cannot sign in

Before this started to happen, I managed to add another user to Azure portal with full rights. This same process has started to happen also to this other user account. It says I can skip setting up Authenticator app 3 more times and after that I am blocked from using also this another account.

It seems the Azure portal sign in is totally broken. It asks me to setup Authenticator app which I have already done a long time ago. The email addresses I use for login work normally in other services (e.g. Microsoft Partner Center).

What to do?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Megan Truong 720 Reputation points Independent Advisor
    2025-05-23T02:26:46.93+00:00

    Hi @kine-8660,

    Thank you for contacting Q&A Forum. You're encountering a sign-in loop in the Azure Portal where you're repeatedly prompted to set up Microsoft Authenticator—even though it's already configured. This is a known issue and typically caused by Security Defaults or MFA registration policies in Microsoft Entra ID (formerly Azure AD). This could be due to the following issues:

    • Security Defaults or MFA Registration Policy is enabled, forcing users to re-register MFA—even if already set up.
    • The Authenticator app registration is corrupted or not properly linked to the account.
    • The account is stuck in a loop due to incomplete or conflicting MFA setup.

    These are few options you can apply to troubleshoot this as quick as possible (you can test under the privacy window of the browser):

    Option 1: Disable Security Defaults (if applicable)

    If you're using a small tenant and haven't customized Conditional Access:

    • Go to Microsoft Entra Admin Center → Azure Active Directory → Properties.
    • Scroll to Manage Security Defaults.
    • Set it to No and click Save.

    This stops the forced MFA registration loop.

    Option 2: Reset MFA for the Affected User

    If you're an admin (or have another admin account still working):

    • Go to Microsoft Entra Admin Center → Users.
    • Select the affected user.
    • Under Authentication methods, click Require re-register MFA.

    This will clear the current MFA setup and prompt the user to reconfigure it cleanly. If you can't access this due to the loop, use another admin account or contact Microsoft Support.

    Option 3: Clear Authenticator App Cache or Reinstall

    Sometimes the app can get stuck, therefore you can reset the app on your mobile device

    • On iOS: Go to Settings > General > iPhone Storage > Authenticator > Offload App.
    • On Android: Clear cache and storage from app settings.

    Then reinstall and try again. Please note that this option might face the risk of losing verification data

    Option 4: Contact Microsoft Support

    If you're locked out of all admin accounts, you’ll need to:

    • Go to Azure Support.
    • Choose Technical > Microsoft Entra ID > Sign-in issues.
    • Explain that all admin accounts are locked in an MFA loop.

    Kindly let me know if any of these works for you and please let me know if you have any further question.

    If I have answered your question, please accept this as answer as a token of appreciation and don't forget to give a thumbs up for "Was it helpful"!

    Best regards,
    Megan.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Harshitha Eligeti 4,380 Reputation points Microsoft External Staff Moderator
    2025-05-21T21:43:08.57+00:00

    Hello @kine-8660
    Based on the scenario you described, it seems that your account was already set up with the Authenticator app, but you're being prompted to register for MFA again. This may be happening because you are being redirected to a different account that hasn't been registered with MFA.

    Please try logging in using this URL: https://portal.azure.com/tenantid and let me know if that works.

    If it doesn’t, you can try resetting MFA for your account with the help of another global admin in the tenant.

    If you are the global admin of the tenant, I will need some additional details to proceed further. As this information contains Personally Identifiable Information (PII), please share the following details via private message:
    **tenant ID or Domain Name:
    Contact phone number (add +Country code):
    Contact email address:
    Global admin email address (affected account):
    Country:
    TimeZone:
    **
    Do let us know if you have any queries. we are happy to assist you further.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.