Microsoft Authenticator on Android "Failed to register for receiving push notifications"

Larry Silverman 27 Reputation points
2021-02-23T16:31:09.007+00:00

I've been stuck here for months. I've googled and not found anyone else with the same exact problem.

I am the Azure and domain administrator for my company. We're on Microsoft 365 E3.

I've been unable to get Passwordless authentication working with push notifications for myself or my employees.

We can successfully use Android Microsoft Authenticator for one-time codes. Push notifications DO come through on Android in this mode.

Push notifications DO NOT come through, and registration for push notifications fails, when enabling Passwordless.

Plus, the enrollment into Passwordless is very challenging for users. If I want to register my Microsoft Authenticator for passwordless auth, I have to time things so the one-time code rolls over giving me 30 seconds, then write down the new one-time password code, log in with email and password and use the OTP to get through the process. This is very challenging to guide my employees through.

Once enabled in this way, the Authenticator no longer receives push notifications during logins.

Users have to log into their web app, and when prompted with the three 2-digit codes, unlock their phone, open the Authenticator app on their phone, tap into the right Work account, then pull-down to refresh. Only then are the codes shown.

On Android, if a user who is registered for Passwordless taps "Update phone sign-in" in the app, the "Registering for push notifications..." dialog pops up, then a small toast notification near the bottom of the screen says, "Failed to register for receiving push notifications".

In the list of accounts within Microsoft Authenticator, my work account has an icon on the left-hand side. It is a red exclamation mark surrounded by a red circle.

I understand Android push notifications rely on Google Firebase Cloud Messaging. There's nothing in our environment in the United States that would block cloud messaging. Google push notifications work fine in every other app, and even work fine in Microsoft Authenticator in simple OTP mode.

In the Android app settings, Battery optimization is set to "Not optimized". Notifications are all allowed.

I've checked every setting I can find. I'm utterly stuck.

Thanks.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Abdullah Ollivierre 106 Reputation points
    2021-07-11T04:22:18.177+00:00

    We got the fix for you!! Seems “Azure Multi-Factor Auth Connector” was disabled on our accounts. This will allow you to get the push notifications for the number matching challenge without the need to manually poll by pulling down to refresh the app.

    Open PowerShell and use “Connect-MsolService”
    Log in with a Global Administrator account
    Run “Get-MsolServicePrincipal -AppPrincipalId 1f5530b3-261a-47a9-b357-ded261e17918”
    If it is False, run “Set-MsolServicePrincipal -AppPrincipalId 1f5530b3-261a-47a9-b357-ded261e17918 -AccountEnabled:$true”
    In the Authenticator App on your phone, click the arrow to run “Update phone sign-in” again, the exclamation mark should go away
    

    At this point you can close the Authenticator App and try to log in to your Office 365 account. It should start prompting you without manually opening the App!

    Hope that helps!

    reference
    https://www.jasonsamuel.com/2019/03/04/how-to-setup-password-less-phone-sign-in-authentication-with-microsoft-authenticator-azure-ad-and-citrix-workspace/

    3 people found this answer helpful.
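
The check-then-enable steps from the accepted answer, combined into one script as an added example (not part of the original post). It assumes the MSOnline module is installed, uses only the cmdlets and AppPrincipalId quoted in the answer, records the state before any change, and re-reads the service principal afterwards to confirm the setting took effect.

```powershell
# Added example: MSOnline cmdlets and AppPrincipalId are the ones quoted in the answer above.
# Assumption: the MSOnline module is installed and you sign in as a Global Administrator.
$ErrorActionPreference = 'Stop'
$appPrincipalId = '1f5530b3-261a-47a9-b357-ded261e17918'   # value from the answer

Connect-MsolService   # interactive sign-in prompt

# Read the current state first so the change (if any) is deliberate and logged.
try {
    $sp = Get-MsolServicePrincipal -AppPrincipalId $appPrincipalId
}
catch {
    Write-Warning "Could not read service principal ${appPrincipalId}: $($_.Exception.Message)"
    return
}

Write-Host ("Before: {0} AccountEnabled = {1}" -f $sp.DisplayName, $sp.AccountEnabled)

if ($sp.AccountEnabled) {
    # Nothing to fix in the tenant; the push registration problem lies elsewhere.
    Write-Host 'Service principal is already enabled; no change made.'
    return
}

# Enable the service principal, exactly as in the answer.
Set-MsolServicePrincipal -AppPrincipalId $appPrincipalId -AccountEnabled:$true

# Re-read to confirm the tenant now reports it as enabled.
$after = Get-MsolServicePrincipal -AppPrincipalId $appPrincipalId
if (-not $after.AccountEnabled) {
    throw "Service principal $appPrincipalId is still reported as disabled."
}
Write-Host ("After:  {0} AccountEnabled = {1}" -f $after.DisplayName, $after.AccountEnabled)
```

After the script reports the service principal as enabled, run "Update phone sign-in" in the Authenticator app again, as the answer describes.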

5 additional answers

  1. Marilee Turscak-MSFT 35,621 Reputation points Microsoft Employee
    2021-03-01T21:10:44.56+00:00

    Some obvious things to try:

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless

    One thing worth mentioning is that if your organization has staff working in or traveling to China, the Notification through mobile app method on Android devices doesn't work in that country/region as Google Play services (including push notifications) are blocked in the region.

    If it's an issue on the Android side of things we won't be able to help too much, but if you want to reach out to me at AzCommunity@microsoft.com and provide some screenshots and logs (if available) we can definitely look into this further.


  2. Larry Silverman 27 Reputation points
    2021-03-04T20:01:42.657+00:00

    I went through the blog post you referenced. Everything is set as it should be.

    Passwordless authentication works, but none of my employees are receiving (or can register for) the push notifications part of it.

    To be clear, we see the 3 different 2-digit codes presented in our Microsoft Authenticator app, but they only appear after forcing a manual refresh (swipe down to refresh), or by the user taking some other action that I imagine causes the app to poll the servers.

    In summary, polling works, but push doesn't.


  3. Matt Klein 1 Reputation point
    2021-05-21T15:59:29.187+00:00

    I am having the exact same problem. Have not been able to find a solution.


  4. Philip Netherclift 1 Reputation point
    2021-08-16T13:56:14.83+00:00

    https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1
    Choose "Notify me through app" and then if red text appears to the right of that then click "Set up Authenticator app" and set up authenticator again and then choose "Notify me through app" again.
