question

thaslett-2964 avatar image
0 Votes"
thaslett-2964 asked thaslett-2964 answered

Many prompts for Approval from Microsoft Authenticator app with MFA

Hi All,
We use Azure MFA for users to remote in to their desktops through Remote Desktop Gateway. I have one user that gets prompted multiple times by the Microsoft Authenticator app - after she has disconnected. I can see in the Activity Report that on June 12 she logged in through the Remote Desktop Gateway at about 10:00am and was prompted once. She then disconnected at about 12:45pm that same day and was then prompted 22 times in about a 30 minute period to approve the login.

This was not the only time this has heppend to her, it is just one example. I have not heard about anyone else having this issue.

Can anyone tell me why this happens to her? Any way to fix this issue?

Thanks!

remote-desktop-servicesazure-ad-multi-factor-authentication
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@thaslett-2964
Thank you for the detailed post!

  • Because this is happening to only one user, how're they disconnecting from the VM?

  • Are there any background apps that could be trying to login the user? Or request for authentication?

  • Is this happening on a daily basis or is this only every once in a while?

  • Does it only happen when the user logs out or does it still happen when they shut down their machine?


This is definitely an interesting issue, and I believe our support team should take a closer look into your environment in order to troubleshoot this.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

0 Votes 0 ·

Hello James,

  • She is closing the RDP session using the X in the control bar at the top of the screen.

  • Neither of us are aware of any apps that are trying to log in. I would think that this would happen at other times as well if it was an app. It only happens when she disconnects.

  • It only happens when she disconnects from the RDP session that was logged in through RDG using Azure MFA.

  • It only happens when disconnecting. Shutting down does not trigger it.

I will go through the Support Team if nothing here points me to a resolution.

Thank you!



0 Votes 0 ·
thaslett-2964 avatar image
0 Votes"
thaslett-2964 answered

We now have a resolution on this. It turned out that when she was done working, she would just close the lid on her laptop without disconnecting the session first. I told her to try disconnecting first using the "X" the next time she connected. She did so last night and was not prompted again after disconnecting. I verified that the logs did not show the repeated attempts to reconnect.

Thank you for your suggestions!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JiaYou-MSFT avatar image
0 Votes"
JiaYou-MSFT answered JiaYou-MSFT commented

HI thaslett-2964,

1.What's authentication methods do you use?

If we change the authentication method to notification in mobile phone, will the same issue happen?

Authentication methods in Azure Active Directory - Microsoft Authenticator app
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-authenticator-app

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello Jia,
We already use the Microsoft Authenticator app notifications. We set all of our MFA users up to use this, so we have several people using it without this issue, including myself. That is the prompt that I was referring to by the app.

0 Votes 0 ·

HI thaslett-2964,

I find below thread about your issue.

"A user might see multiple MFA prompts on a device that doesn't have an identity in Azure AD. Multiple prompts result when each application has its own OAuth Refresh Token that isn't shared with other client apps. In this scenario, MFA prompts multiple times as each application requests an OAuth Refresh Token to be validated with MFA."

Optimize reauthentication prompts and understand session lifetime for Azure AD Multi-Factor Authentication
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime

1 Vote 1 ·

Thanks for bringing that to my attention, but her PC is registered in Azure AD. Also, I would think that it would be a regular thing to get prompted in that scenario, not exclusively after disconnecting from an RDG session.

0 Votes 0 ·
Show more comments
thaslett-2964 avatar image
0 Votes"
thaslett-2964 answered
  1. As I've mentioned a few times now - it only happens when she disconnects from a Remote Desktop Gateway session. Otherwise, it NEVER happens.

  2. No other users have reported this same issue.

  3. I've found no difference is any settings.

  4. I've found no difference is phone settings.

  5. I just talked to her this morning about reinstalling the app and redoing the initial MFA setup as it happened to her again this weekend when she disconnected from a RDG session. I will report back once we have done that.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.