question

JanKahl-0502 avatar image
0 Votes"
JanKahl-0502 asked vipulsparsh-MSFT commented

Administrator SSPR not offering Mobile App

Hello,

since a few days, when adding a new admin account in Azure only email and telephone are available as methods for SSPR, but not the mobile app:

172540-image.png


In the Azure configuration, all authentication methods are mentioned:
172601-image.png







Any Ideas?


Regards,

Jan

azure-ad-sspr
image.png (39.7 KiB)
image.png (65.5 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered vipulsparsh-MSFT commented

@JanKahl-0502 After taking this thread offline we found that the tenant's combined Security information registration experience was set to OFF which resulted in the behavior where the authenticator App was not being asked to setup.

Once we enabled the option, the Admin account can now be setup with the authenticator app. Here is the setting location :
Azure AD – User Settings -- Manage user Feature Settings – User Can use the combined security information registration Experience.

173479-image.png
173480-image.png


Hope this might help someone else who comes looking for a solution for a similar ask.



Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.





image.png (190.6 KiB)
image.png (57.9 KiB)
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

vipulsparsh-MSFT avatar image vipulsparsh-MSFT ·

@JanKahl-0502 Thanks for reaching out.

A quick test in my lab tenant shows all the option an admin has available. At the same time that admin should have registered that Auth app under security Info as well.
I could not make that out from your first screenshot but seems it talks about the Auth App method.

In my lab it is shows against the device you register the App with :

172966-image.png


Can you confirm the same from the admin account by going to https://mysignins.microsoft.com/security-info and see if it shows a mobile device register against it.
We can discuss further if the above seems right in your tenant, where we would need to take the admin account information from your and investigate further. (For that you can drop us an email at azcommunity@microsoft.com with subject "Atten-Vipul") I can then sync up with you offline to take further details.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.



0 Votes 0 ·
image.png (37.5 KiB)
JanKahl-0502 avatar image
0 Votes"
JanKahl-0502 answered vipulsparsh-MSFT commented

Hello Vipul,

thanks for your reply. Using https://mysignins.microsoft.com/security-info, the authenticator app cann be added. Unfortunately, after registering the Authenticator App and logging in again the"We need more information" screen does still appear, and from there only email and phone can be selected. On the security information page, the Authenticator App shows as registered like in your screenshot.


Regards,

Jan

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

vipulsparsh-MSFT avatar image vipulsparsh-MSFT ·

@JanKahl-0502 As next steps I would need to check those user accounts at backend. Send me an email at azcommunity@microsoft.com with subject "Atten-Vipul" I will sync up with you to investigate further.

0 Votes 0 ·