none
Azure asking for 6 digit code, but authenticator app give 8 digits RRS feed

  • Question

  • Hi All

    I have 2 Azure accounts. 1 for my company and 1 for my personal use.

    My personal account has suddenly (not by my request) asking for verification via MS Authenticator app.

    The problem is the code it wants is 6 digits. But when i link my personal email address/Azure account to the app - it gives me an 8 digit code. Which of course is useless.

    Phone is new-ish, but same phone number and email addresses etc.

    Authenticator does work for my Outlook account etc when prompted. 'allow sign in for X?' etc

    Any idea how on earth i fix this? I can't log a ticket with MS as i cant login to Azure...

    Thanks in advance

    Monday, January 20, 2020 11:46 PM

All replies

  • I am facing same issue - did u manage to get resolve?



    • Edited by Moorthya Tuesday, February 4, 2020 1:15 PM
    Sunday, February 2, 2020 11:49 AM
  • I'm also facing a similar issue, except with Teams instead.  Did you manage to resolve?
    Monday, February 3, 2020 1:03 PM
  • I am facing the same problem. Were anyone of you able to find a solution?
    Wednesday, February 5, 2020 5:46 AM
  • I approached Azure support via Twitter twice. they said "We've flagged the post again for another look. Please keep an eye on the post"
    Wednesday, February 5, 2020 6:24 AM
  • Currently facing the same issue. Cannot sign into Azure Portal.
    Sunday, February 9, 2020 11:02 AM
  • Exact same issue.

    First I authenticate my Microsoft Account using the push notification on the Authenticator app. After this I am asked again to authenticate using a 6 digit code, however being a Microsoft account the code within my app is 8 digits.

    It's as if MFA has been enabled withing my Azure AD tenant.

    Note I have no problems logging on to this site or account.microsoft.com, further suggesting to me that this is an Azure-related problem.


    Tuesday, February 11, 2020 12:44 PM
  • samer issue as well...
    Thursday, February 13, 2020 3:29 PM
  • I did speak with Azure support yesterday (hopeless 1st line support as expected with any company of this size) and they have passed my ticket to the Data Protection Team. I am still waiting to hear from them.
    Thursday, February 13, 2020 3:33 PM
  • ive been passed around i swear, every support department in MS...and now they're ignoring me
    Thursday, February 13, 2020 3:34 PM
  • Well I did not hear from the Microsoft Data Protection Team but I did manage to resolve this issue myself.

    Each situation may be different, but in my case my Microsoft account was a guest in several Azure subscriptions (therefore Active Directory tenants).

    In some of them I was assigned the Global Administrator role which I believe enforces multi-factor authentication for each Azure AD.

    If you use the Microsoft Authenticator account you may have added accounts in there previously which show the name of the Azure subscription and your username written in the "guest" format username_domain#EXT#@{subscription-owner-name}.

    Being an Azure AD account, this generates a 6-digit code in the Authenticator App.

    I did not have this account in my Authenticator as I had been using a different logins native to each subscription until recently.

    In the end what I had to do was logon to the Azure subscription with a different account, someone with at least the User Access Administrator role, and remove my Microsoft account from the Directory (and therefore the subscription).

    It's possible that simply removing my membership in the Global Administrators role may have also had the same effect.

    In any case what this did was allow me to get into my default/native Azure subscription, first created by my Microsoft account. I was no longer being asked for Azure AD tokens, only the longer-form Microsoft Account token.

    All of this was acceptable to me as what I am trying to do is abandon my Microsoft account anyway, and switch to using my work-based Active Directory account for access to all Azure subscriptions.

    Now that my Azure AD is the Global Administrator I was forced to configure MFA. This has added an Azure AD guest account to my Authenticator App as expected.

    Recently I had re-assigned the MSDN/VisualStudio benefit to all of my AzureAD users who previously used Microsoft accounts. I then connected an Azure DevOps tenant to our Azure AD. All of these changes complicated my efforts to resolve this, but in the end these change had nothing to do with the problem at all.

    tl;dr

    If you're locked out of your Azure subscription using the Microsoft account that you used to create the subscription, and you're being asked for an 6-digit MFA token you don't have, consider whether you might be a Global Administrator in another Azure subscription as a guest?

    Friday, February 14, 2020 4:10 PM