Azure MFA Fraud Blocking and Ambiguous Errors!

With the festive bells ringing in our ears, I thought it appropriate that we discuss MFA Fraud alerts. I came across an intriguing issue this week where a user could not register for any type of MFA factor.

See below for clearly ambiguous errors (perhaps by design) and the Azure AD sign in logs weren’t any help either.

After failing short on all the usual MFA suspects we were able to track down the issue to the Fraud Alert Settings where we of course found the user in question who was having MFA related issues.

The takeaway?

If you have the MFA Fraud Alert settings enabled, make sure you have the MFA notifications enabled, send it to the right person and follow up the alerts in a timely manner.

In the meantime I'm sure Microsoft will help administrators with some less ambiguous errors... hopefully ;)

Enjoy the break and see you next year!

Joshua

SMS Error

Step 2: We've sent a text message to your phone on +XX XXXXXXXXX

Please check the phone number that you specified or change your preferred option.

Correlation ID: ab998057-b4eb-45c4-9011-289189eda24f

Session ID: 310100a4-98f5-47ef-a046-ec8a02118493

Timestamp:

Via Azure Authenticator Mobile App

QR Scan

We couldn’t add the account. Please verify that the activation code is correct and push notifications are enabled on this device for the app.

MFA Admin | Unblock Users