![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 98%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
The behavior is consistent with Azure AD B2C phone-number validation and/or downstream telecom reputation issues, not with the numbers your users are entering.
Key points and checks:
- Validate the phone number format against B2C’s pattern
Azure AD B2C uses a strict E.164-style pattern for phone numbers:
- Must start with
+ - Only digits and optional spaces/hyphens
- Length 6–15 digits after
+
-
number_pattern:^\\+(?:[0-9][\\x20-]?){6,14}[0-9]$ -
invalid_number: “Please enter a valid phone number”
+43 6601234567(or without spaces), with no brackets or other symbols. - Must start with
- Confirm how B2C parses the phone number
If using custom policies and phone-number claims transformations, verify that the number is considered valid:
-
GetNationalNumberAndCountryCodeFromPhoneNumberStringis used to split the phone number into national number and country/region code. - If the number is invalid, B2C can surface a custom error message such as “Bad phone number” from the self-asserted technical profile.
UserMessageIfPhoneNumberParseFailureor similar metadata that might be mapped to “Bad phone number.” -
- Check the B2C phone-factor UI error mapping
The phone factor page has built-in error strings that might be surfaced:
-
error_448: “The phone number you provided is unreachable.” -
error_tryagain: “The phone number you provided is busy or unavailable. Please check the number and try again.” -
error_sms_throttled/error_phone_throttled/error_throttledfor rate limits.
-
- Consider telecom / reputation issues
For MFA and SMS, Microsoft uses multiple telecom providers. Known issues include:
- Faulty telecom providers or blocked/“bad reputation” numbers can cause repeated failures.
- In similar cases (error 399287 / bad reputation), Microsoft support had to reset MFA or clear the reputation flag on the provider side.
- Test multiple Austrian numbers from different carriers.
- Attempt registration several times within a short window (for example, five times within 5 minutes) and capture timestamps, correlation IDs, and affected numbers.
- Open a support case with Microsoft, providing those details so they can check the telecom routing and any reputation blocks for Austrian numbers.
- Verify SMS-based sign-in configuration (if used)
If SMS-based sign-in is enabled for customers:
- Ensure the SMS authentication method policy is enabled for these users.
- Confirm numbers are stored in proper E.164 format and not reused in conflicting ways in the tenant.
If the numbers pass the B2C regex and claims transformation but still fail with “Bad phone number” only for Austria, the next step is to involve Microsoft support to investigate telecom routing or reputation issues for Austrian phone numbers in your tenant.
References:
- Localization string IDs
- Define phone number claims transformations in Azure AD B2C
- Authentication methods in Microsoft Entra ID - Voice call
- Configure and enable users for SMS-based authentication using Microsoft Entra ID
- Multifactor authentication in external tenants
- Azure has blocked myphone number for SMS verification due to a “bad reputation” flag - Microsoft Q&A
- Error Code: 399287 - Microsoft Q&A