In this post, we identify the scenarios where a user gets the Microsoft Authenticator error We’re sorry, we ran into a problem; Please choose ‘Next’ to try again while using Multi-Factor Authentication (MFA), and discuss the most suitable fixes to the issue.
Upon investigation, we gathered that this issue might occur in the following scenarios.
Consider the scenario whereby an Azure AD admin has configured the following tenant-wide settings:
- The Security Defaults feature is disabled.
- The combined registration for Azure MFA and Azure AD Self-service Password Reset is enabled.
- All authentication methods in the legacy PhoneFactor portal are still allowed.
- No Conditional Access policies were created or modified to include the Register security information action.
Now, when a user in the organization tries to register the security information for their Azure AD account using the Microsoft Authenticator App, the error is displayed in the registration experience after taking a photo of the QR code in the Authenticator App. Note that the error can still occur whether the Authenticator App was used or not. In addition, when this issue occurs, you will see the following status reason for the failure in the log entry:
User failed to start the registration for Authenticator App with Notification and Code
A single user couldn’t log in via Multi-Factor Authentication. Even though the SMS code would say it was sent, wouldn’t come through. The phone calls also wouldn’t come through. Trying to set up another MFA method aka.ms/mfasetup, the error occurs. In addition, you may receive the following error message:
You are blocked from performing this operation. Please contact your administrator for help.
Fix Microsoft Authenticator error, We’re sorry we ran into a problem
If the We’re sorry, we ran into a problem; Please choose ‘Next’ to try again Multi-Factor Authentication (MFA) error message is displayed depending on the scenario described above, then the applicable fixes presented below can help resolve the issue.
- Assign the required license to the user account
- Unblock the user on the MFA page via Azure Active Directory
- Check the Azure AD audit logs
Let’s see how these suggested fixes apply!
1] Assign the required license to the user account
For this fix, as it relates to Scenario 1 above, the issue occurs if the Azure AD account for the person is not assigned the Microsoft Azure Multi-Factor Authentication license (plan). In this case, to resolve the issue, assign the license to the user account if it’s not assigned or resolve any known issue that prevents the Microsoft Azure Multi-Factor Authentication plan from being assigned to the user account.
2] Unblock the user on the MFA page via Azure Active Directory
For this fix, as it relates to Scenario 2 above, the issue occurs due to some suspicious activity (an MFA phone call they didn’t initiate) so chose the option to block future sign-in attempts. This also triggers an email alert to admins, and that link is where the user’s block is listed until released. To resolve this issue, you can unblock the user on the MFA page via aad.portal.azure.com.
3] Check the Azure AD audit logs
If neither of the fixes provided above worked for you or you require further assistance with the issue or similar, then you can check the Azure AD audit logs and refer to this Microsoft documentation for possible resolution.
Hopefully, you find this post helpful!
For more resolutions to common problems with two-step verification for a work or school account, refer to this Microsoft support article.
Now read: MFASweep to verify if MFA is enabled across Microsoft 365
How do I resolve an MFA problem?
MFA Deny means that a system rejected the user’s attempt to access an account, website, or application protected with Multi-Factor Authentication (MFA). The login attempt could have been denied for various reasons. If you’re experiencing MFA problems or setup issues, the following suggestions can help:
- Clear your browser’s cookies and cache by deleting temporary internet files or cached files.
- After clearing your browser’s cache, update the password associated with your account.
- Using your new password, sign into your account and complete the steps in the multi-factor authentication setup.
What happens when MFA fails?
When MFA fails, it could be due to an outage, in which case, users won’t be able to sign into the accounts or services. To resolve or work around the issue, MFA can be disabled to allow affected users to keep working. The accounts for MFA can be re-enabled once the outage is over and normal service resumes. Of course, this assumes that you can still sign into an administrator account to reset MFA for users.
Read Outlook prompts for passwords when Modern Authentication is enabled.