I have a personal Microsoft account (MSA) with a Microsoft Family subscription. The primary email is a custom domain alias, but the underlying account is an @outlook.com address. I'm trying to sign into Azure Portal to register a new app in Entra ID.
Tagging @Raja Pothuraju per their request as well.
The problem:
When I sign into portal.azure.com, it redirects me to sign in with my @outlook.com address and then prompts for a 6-digit MFA code. My Microsoft Authenticator app only generates 8-digit codes for this account (the personal MSA entry). The 6-digit field won't accept the 8-digit code. The alternate sign-in option offers a push notification, but no notification ever arrives in my Authenticator app.
I can sign into every other Microsoft service (Outlook, OneDrive, account.microsoft.com) without issue using the 8-digit codes and push notifications.
What I understand is happening:
Azure Portal authenticates through Microsoft Entra ID, which uses standard 6-digit TOTP codes. My Authenticator is registered on the MSA side only, which uses a proprietary 8-digit code format. Push notifications sent by Entra ID never arrive because there is no Entra ID device registration for my account -- only an MSA registration. These are two separate MFA systems sharing the same email address.
What I've tried:
- Added a standard 6-digit TOTP entry via account.microsoft.com/security using "Set up a different Authenticator app" and scanning the QR code as "Other (Google, Facebook, etc.)" in the Authenticator app. Azure Portal rejected this code -- it appears the TOTP secret is registered on the MSA side, not the Entra ID side.
- Attempted to register MFA through aka.ms/mfasetup. This rejected my personal account, saying it cannot be used.
- Tried Azure CLI with
az login --use-device-code. Same MFA wall.
- Tried signing in through entra.microsoft.com. Same 6-digit prompt, same result.
- No alternate verification methods are offered beyond the 6-digit code and the non-functional push notification.
Environment:
- Personal Microsoft Account (not work/school)
- Microsoft Family subscription
- Custom domain alias on the account
- This issue started after the October 2024 mandatory MFA enforcement for Azure Portal
What I need:
A way to register MFA on the Entra ID side of my account, or a temporary MFA exemption so I can complete registration. I appear to be in a catch-22 where I can't set up Entra ID MFA because I can't sign into Azure, and I can't sign into Azure because I don't have Entra ID MFA configured.
Has anyone resolved this without calling Microsoft support? If a Microsoft employee can assist, I'd appreciate being contacted directly.I have a personal Microsoft account (MSA) with a Microsoft Family subscription. The primary email is a custom domain alias, but the underlying account is an @outlook.com address. I'm trying to sign into Azure Portal to register a new app in Entra ID.
The problem:
When I sign into portal.azure.com, it redirects me to sign in with my @outlook.com address and then prompts for a 6-digit MFA code. My Microsoft Authenticator app only generates 8-digit codes for this account (the personal MSA entry). The 6-digit field won't accept the 8-digit code. The alternate sign-in option offers a push notification, but no notification ever arrives in my Authenticator app.
I can sign into every other Microsoft service (Outlook, OneDrive, account.microsoft.com) without issue using the 8-digit codes and push notifications.
What I understand is happening:
Azure Portal authenticates through Microsoft Entra ID, which uses standard 6-digit TOTP codes. My Authenticator is registered on the MSA side only, which uses a proprietary 8-digit code format. Push notifications sent by Entra ID never arrive because there is no Entra ID device registration for my account -- only an MSA registration. These are two separate MFA systems sharing the same email address.
What I've tried:
- Added a standard 6-digit TOTP entry via account.microsoft.com/security using "Set up a different Authenticator app" and scanning the QR code as "Other (Google, Facebook, etc.)" in the Authenticator app. Azure Portal rejected this code -- it appears the TOTP secret is registered on the MSA side, not the Entra ID side.
- Attempted to register MFA through aka.ms/mfasetup. This rejected my personal account, saying it cannot be used.
- Tried signing in through entra.microsoft.com. Same 6-digit prompt, same result.
- No alternate verification methods are offered beyond the 6-digit code and the non-functional push notification.
Environment:
- Personal Microsoft Account (not work/school)
- Microsoft Family subscription
- Custom domain alias on the account
What I need:
A way to register MFA on the Entra ID side of my account, or a temporary MFA exemption so I can complete registration. I appear to be in a catch-22 where I can't set up Entra ID MFA because I can't sign into Azure, and I can't sign into Azure because I don't have Entra ID MFA configured.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 57.99999999999999%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENG%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 82%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)