Microsoft Authenticator - Set up phone sign-in

Roman Melekh 21 Reputation points
2021-05-17T19:49:41.25+00:00

Hello

I have my test (trial) E5 account and now I am trying to test Phone Sign-in using Microsoft Authenticator.
I have registered my phone as a device and I see it in my Azure AD.
Now, when I click "Set up phone sign in" and click "Continue" I get an error:

Account not added

Your organization does not allow you to add your account to Microsoft Authenticator.

Any ideas what is the error?
Google knows nothing...

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
3,235 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Jack Chen 116 Reputation points
    2021-07-28T16:58:23.367+00:00

    I got same error with my test Azure tenant and after changed some Azure AD setting, it finally worked.

    document: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone

    configurations need to be done on Azure AD ( by global admin ):

    1. in AAD -> Enterprise Application, search "Azure Mul" ( application type is "Microsoft applications" ), then enable "Enabled for users to sign-in" option for Azure Multi-Factor Auth Connector ( There is another application "Azure Multi-Factor Auth Client", might need to do the same ).
    2. Add your user or a proper group into the application's "Users and Groups" so you are allowed to use the app.
    3. Make sure in AAD -> Security -> "Authentication methods", "Microsoft Authenticator" is enabled for all users.

    on client side, the device need to be registered into Azure AD.