Share via

I cannot sign into Azure via a browser, but can in the Azure CLI

Drew Hinde 0 Reputation points
2026-03-31T19:11:11.8733333+00:00

I cannot sign into Azure via a browser, but can in the Azure CLI. I get redirected to the 'Enter a Code' prompt but the code in Authenticator is longer than the code the prompt is expecting.

When i choose 'Sign in another way' and choose 'Approve a request on my authenticator app', i never receive the request on my phone. I have the app approval set up in my profile because i can log in other Microsoft services using it.

I can login with no problems via the Azure cli and can see the correct sub and tenant id. Its driving me crazy, Please help!!

Microsoft Security | Microsoft Authenticator
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-31T19:11:34.7666667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The symptoms indicate an issue with the browser-based sign-in/MFA experience rather than with the account or Azure itself, since Azure CLI sign-in works.

    Try these steps in order:

    1. Clear browser sign-in state
      • Sign out of all Microsoft accounts in the browser.
      • Clear cookies and site data for Microsoft/Azure sign-in pages (for example, login.microsoftonline.com, portal.azure.com, microsoft.com).
      • Close all browser windows and reopen the browser.
      • Try signing in to the Azure portal again.
    2. Check for browser security/HSTS issues
      • If using Microsoft Edge and you see security warnings (for example, “The connection for this site isn't secure”) when Azure CLI or other tools try to open sign-in pages, remove any HSTS policy for localhost:
        • In Edge, go to edge://net-internals/#hsts.
        • Under Delete domain security policy, enter localhost and select Delete.
      • Then retry the browser sign-in.
    3. Align MFA method and prompt
      • The “Enter a code” prompt expects a specific type of code (for example, a 6‑digit TOTP code or a number match) that must match the method configured for the sign-in.
      • If the prompt is expecting a shorter code than what Authenticator shows, cancel that attempt and explicitly choose Sign in another way, then select the method that matches what Authenticator is configured for (for example, push approval/number match rather than code entry).
      • Since push approvals are not arriving, focus on getting a clean sign-in session (steps 1–2) so that the correct MFA prompt is shown.
    4. Use a different browser or in-private session
      • Try signing in from a different browser (or an InPrivate/Incognito window) on the same machine. If it works there, the issue is with cached state or extensions in the original browser.
    5. If Conditional Access/MFA policies are involved
      • If the tenant has Conditional Access policies requiring MFA, ensure that MFA is enforced at sign-in and not only at resource access. Misalignment can cause repeated or mismatched MFA prompts.
      • If errors mention “Interactive authentication is needed” or “MFA is required,” follow the guidance to ensure MFA is satisfied at sign-in.

    If none of the above resolves the issue, an administrator can temporarily reset MFA registration for the account from the Microsoft Entra admin center so that MFA methods can be re-registered cleanly.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.