question

BharatSuthar-8125 avatar image
1 Vote"
BharatSuthar-8125 asked ricardosolisvillegas-4678 commented

Unable to scan QR code in Microsoft authenticator app

My main issue is : My mentor has made a group on teams and added me as guest. Now for joining this group do following--
1. login and enter code
2. Ask for more information from organization
3. Ask to install Microsoft Authenticator App and scan the QR code. But after I scan the QR code on mobile I get the below error.
"Unable to add the account:
We couldn’t add the account. Please verify that the activation code is correct and push notification are enable on your device for this app."
And also not able to check that I am blocked or not, because on clicking on blocked/unblocked users its showing error below
{ "shellProps": { "sessionId": "f54ab132cfea4d8a82e78a3726f5085e", "extName": "Microsoft_AAD_IAM", "contentName": "BlockedUsersBlade", "code": 404 }, "error": { "message": "Not found", "code": 404 }}

microsoft-authenticatorazure-ad-multi-factor-authentication
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @BharatSuthar-8125

Welcome to Microsoft Q&A community.

I might say that there could be several reason for this issue...

It could be that the admin for the Azure AD/Active directory server(on-premises) has a user conditional policy enabled. Also, that you have tried to many times to log in with no success so, you are being marked as high risk sign-in user.

If the admin is able to assist you by revoking your user session or re-register MFA and so on...

BR,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



0 Votes 0 ·
BharatSuthar-8125 avatar image
0 Votes"
BharatSuthar-8125 answered ricardosolisvillegas-4678 commented

On scanning qr code on microsoft authenticator app it showing "We couldn’t add the account. Please verify that the activation code is correct and push notification are enable on your device for this app."
Please let me know, what is the reason for this. I tried everything but not able to solve this issue. Can you please help me in this

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Where did you scan the QR code? From your email account ...

0 Votes 0 ·
ricardosolisvillegas-4678 avatar image ricardosolisvillegas-4678 ricardosolisvillegas-4678 ·

I just wanted to restate what I said before... When I meant your email account was.... Did you logged in from the authenticator app or you logged in from a web browser using a PC so, you were scanning like that.

BR,

0 Votes 0 ·
ricardosolisvillegas-4678 avatar image ricardosolisvillegas-4678 ricardosolisvillegas-4678 ·

Please let us know if you were able to talk about the admin or the one who is in charge of the Azure AD so, they can check the statements given on my first comment : )

@NewbieJones-6218 thanks for supporting on this as well.

BR,

0 Votes 0 ·
NewbieJones-6218 avatar image
0 Votes"
NewbieJones-6218 answered

Something else to try is a different authenticator. Dare I say try using Google Authenticator as a a workaround\troubleshooting step. Just in case conditional access is causing the issue.

I think the Microsoft authenticator works slightly differently when you are using a Microsoft account and is trying to log you in with your corporate Microsoft account.

This allows you to receive popups that you can just “approve” the request which I think is called “Simple Approvals” in MFA terminology. This is different to one time passwords (OTP).

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/all-your-creds-are-belong-to-us/ba-p/855124

I can remember having all sorts of issues with conditional access when trying to connect to a suppliers Teams site as a guest using my corporate Microsoft account and the Microsoft authenticator on my personal device. Setting up the authentication using the Google app resolved all of this, as it defaulted back to OTP where the conditional access rules no longer apply.

You can't force a connection to use OTP within the Microsoft authenticator app (as far as I'm aware).

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BharatSuthar-8125 avatar image
0 Votes"
BharatSuthar-8125 answered NewbieJones-6218 commented

Yes it's right we can also try another app. I also tried google authenticator but it's saying wrong code or wrong otp. I even tried multiple times but stills same. I also tried the key and account code but still not worked, it said wrong code

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

This sounds like the problem is not at your end.

When you say guest, do you mean a guest (AD B2B) account in the tenant of the Teams channel you are trying to join.

My first reaction would be to delete and re-create that account.

The admin of that tenant should be able to view the login attempts and provide more information on what is actually failing.

It's usually as simple as getting the invite letter, scanning the QR code and off you go. (Did the QR code scan, and create an entry in the authenticator).

If its using your Microsoft account, then you don't normally need to set a password. You enter your Microsoft password associated to that email address and then the OTP.
If its using a non-Microsoft account, then you need to set a password during the setup process.

Lastly ensure that the time\date on the device is correct.

0 Votes 0 ·

Just to confirm...

You are trying to login to Teams hosted by another company (Azure Tenant).
The teams channel is not hosted in your companies tenant.

The logs I'm talking about would need to be reviewed by an admin in the tenant that the teams site is hosted (so I'm assuming this is not your company).

Please note, this can also be blocked by your own IT, which can prevent accessing other tenants. (Although I would expect it to say something along those lines in the messages you receive).

0 Votes 0 ·
BharatSuthar-8125 avatar image
0 Votes"
BharatSuthar-8125 answered NewbieJones-6218 commented

My mentor has made a group/team on Microsoft teams app and added me to that group. Now I have to Install Microsoft Teams and login into my account and after that
Create an account in Microsoft teams using your email id. And install the authenticator app on your Device. Select Microsoft (guest) as an organization and then I will get a code, enter that code in https://microsoft.com/devicelogin on other device.
After that continue with procedure/steps given...
Steps are
1. login to https://microsoft.com/devicelogin and enter code
2. Ask for more information from organization
3. Ask to install Microsoft Authenticator App and scan the QR code. But after I scan the QR code on mobile I get the below error.
"Unable to add the account:
We couldn’t add the account. Please verify that the activation code is correct and push notification are enable on your device for this app."
--> I tried my best to resolve this but not able to done I am doing from yesterday and not done...its very urgent because my internship program meeting are going on this. Can I provide my account details? So that you can correct my Microsoft account self.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Can you confirm a few things?

How has the mentor added you?

Don't post it here, but has he added a personal email address and is that address a Microsoft account.
If its Microsoft, is it a personal (individual) or work account?

The process should be that you get an invitation email to the account that was added as a guest.

If its a Microsoft account, the behaviour is slightly different to non Microsoft accounts.

If its a Microsoft account, you usually have to login with your Microsoft account first at which point it will ask you to complete the guest account details and then provide the link to scan the QR code to complete the account setup.

If its a non-Microsoft account, you will have an extra step in setting a password on the guest account.

I still think it may be a good idea to ask your mentor to remove your account, and re-create the guest account.

0 Votes 0 ·
BharatSuthar-8125 avatar image
0 Votes"
BharatSuthar-8125 answered NewbieJones-6218 commented

My mentor is software engineer at Microsoft. Mentorship program is going on in India for internship after this program. She added me as a guest in Microsoft teams and I got invitation email to my account to join this teams group. Then followed the above steps that I mentioned above and facing the error

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

You still haven't answered if your account\email is a Microsoft one, or a non-Microsoft account and if it is a Microsoft account, whether its a personal or work (organisation) account.

To try and explain this a bit more.

Account and authentication are two different things. For example you may have a Microsoft (Guest) account, but authenticate using your Google email address and MFA. (You don't actually authenticate against Google, this is more of an inline account).

If you use a Microsoft account, its different and you will still have a guest account, but authenticate against your Microsoft account (either personal or work).

The account you will be using is a guest account in the mentor's tenant. (Which in this case sounds like its actually Microsoft themselves, rather than some other organisation).

The authentication has been set to require MFA, but the password for authentication will either be the password linked to your Microsoft account, or a password you set for a non-Microsoft account.

It still sounds like you need your account re-created by your mentor. Usually when we deal with Microsoft for training (we used Microsoft heavily for different training needs), they will help directly with this if there are issues. Have you reached out to your mentor yet?

0 Votes 0 ·
BharatSuthar-8125 avatar image
0 Votes"
BharatSuthar-8125 answered NewbieJones-6218 commented

My account is Microsoft account and it's personal. And my mentor account is also Microsoft only because she is working at Microsoft as software engineer. I got invitation mail by my mentor to join the teams group made by her. In mail it's about "you have been added to a team in Microsoft teams" In this mail I clicked on "open Microsoft teams" In was on my mobile and Then it redirected me to chrome for login via google and accept that group is access the....after I accepted then it redirected me to teams app that I installed. There I wrote my Microsoft personal email and entered password and got login. In orgs there are 2, one is my personal and another one is Microsoft (guest) then I clicked on Microsoft guest then it's showing a code and written that open this "http://microsoft.com/devicelogin" When I open this link on my laptop and enter the code it Ask for more information from organization and Ask to install Microsoft Authenticator App and scan the QR code. But after I scan the QR code on mobile I get the below error.
"Unable to add the account:
We couldn’t add the account. Please verify that the activation code is correct and push notification are enable on your device for this app."

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sorry, really can't tell what is going on here.

The "login via Google" is not quite making sense. What does Google have to do with the initial login. Is this just because the default browser on your mobile is Chrome?
Please make sure it really is your Microsoft account and not your Google account at this point.

Another troubleshooting step is to try this on a desktop device. Don't install Teams and select "continue with browser" when it tries to do so.
If you have a Windows device. Use Edge for this if at all possible. Make sure you are logged into Edge with the correct Microsoft account (your personal one).
This is how I connect to third parties teams sites, so that I don't have to change orgs in my main teams app.

It sounds like its the MFA element that is not being accepted. As mentioned, the tenant that the guest account is in (Microsoft's) can see the authentication attempts in real time and can tell a lot more about what is going on. Not sure your mentor will necessarily have that access to view those attempts though.

To rule out the push notifications element of the error. Try using Google authenticator again (which should default to standard OTP authentication). This will then prove the issue is with the activation code and account you are using.

0 Votes 0 ·
BharatSuthar-8125 avatar image
0 Votes"
BharatSuthar-8125 answered NewbieJones-6218 commented

I really tried everything, even google authenticator...can you please tell me in a one-on-one call to what to do...can we please arrange a 5minutes quick call or meet for this, at your time when you will be free. My whatsApp number is +91 7412815570 and my email = bharat9001706106@gmail.com. please contact me sir, must needed help.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sorry, can't do that. I don't work for Microsoft, and I'm only giving troubleshooting steps for you to try.

I don't know what is causing this, as its usually a fairly straight forward process.

Sounds like you will need to contact your mentor and get them to support you through this process.

0 Votes 0 ·
BharatSuthar-8125 avatar image
0 Votes"
BharatSuthar-8125 answered ricardosolisvillegas-4678 commented

When I tried to find solution of this
"Unable to add the account:
We couldn’t add the account. Please verify that the activation code is correct and push notification are enable on your device for this app."
It's saying that I am blocked at mfa user in azure...is it really this only? Or something else.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

As I mentioned to you at the beginning the issue is that the admin of the Azure AD might have a conditional user policy or you have tried to many times that you are considered as high risk sign-in users... So, this has to be done be the person in charge.

BR,

0 Votes 0 ·