Was stumpted on this one and had to get advice from Microsoft Support.
A single user couldn’t log in via Multi-Factor Authentication. SMS code would say it was sent, wouldn’t come through. Phone call also wouldn’t come through. Trying to set up another MFA method aka.ms/mfasetup would receive one of these errors:
You are blocked from performing this operation. Please contact your administrator for help.
We’re sorry, we ran into a problem. Please select “Next to try again.
There were zero search results for that first error word for word, which is never a good sign.
There’s several areas you can check for blocked users such as:
https://protection.office.com/restrictedusers
https://protection.office.com/threatincidents
https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/RiskyUsers
But I couldn’t find the user listed in any of those.
After logging a case, Microsoft Support advised to check here:
And of course, that’s where the user was listed. They’d had some suspicious activity (a MFA phone call they didn’t initiate) so chose the option to block future sign in attempts, as you’d hope. This also triggered an email alert to admins, and that link is where the user’s block is listed until released.
Really useful article. Many thanks for posting.
This saved my sanity!!!!!!! Thank you!
Aside from Global Admin, what roles are required to allow a helpdesk the ability to unblock users from the https://portal.azure.com/#view/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/~/BlockedUsers blade? I can’t seem to find any documentation.
OMG, this was a life saver as I was having the hardest time figuring out my end-users issues. Thank you for taking the time to post this.
Really saved my 3 day issue, even Microsoft can’t solve it! Thank you.
DUDE you are the BEST. I had a teacher in our district that COULD NOT get a text and I could not find an answer based on the first few screenshots he sent. Then I had a remote session and we got that “You are blocked from performing…” message which brought me to you. That brought me to this area in Azure for blocked MFA users. (who knew?) And there he was! He said he was using the authenticator app and accidentally hit the “it’s not me” button and that is what threw him into the blocked list. Anyway I learned something new today and I thank you for posting this.
That’s very kind of you and thank you for taking the time to post your thanks!