User Can’t Receive MFA Requests for Azure AD / Microsoft 365

Was stumpted on this one and had to get advice from Microsoft Support.

A single user couldn’t log in via Multi-Factor Authentication. SMS code would say it was sent, wouldn’t come through. Phone call also wouldn’t come through. Trying to set up another MFA method aka.ms/mfasetup would receive one of these errors:

You are blocked from performing this operation. Please contact your administrator for help.

We’re sorry, we ran into a problem. Please select “Next to try again.

There were zero search results for that first error word for word, which is never a good sign.

There’s several areas you can check for blocked users such as:

https://protection.office.com/restrictedusers

https://protection.office.com/threatincidents

https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/RiskyUsers

But I couldn’t find the user listed in any of those.

After logging a case, Microsoft Support advised to check here:

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/BlockedUsers/fromProviders/

And of course, that’s where the user was listed. They’d had some suspicious activity (a MFA phone call they didn’t initiate) so chose the option to block future sign in attempts, as you’d hope. This also triggered an email alert to admins, and that link is where the user’s block is listed until released.

12 thoughts on “User Can’t Receive MFA Requests for Azure AD / Microsoft 365

  1. OMG, this was a life saver as I was having the hardest time figuring out my end-users issues. Thank you for taking the time to post this.

  2. DUDE you are the BEST. I had a teacher in our district that COULD NOT get a text and I could not find an answer based on the first few screenshots he sent. Then I had a remote session and we got that “You are blocked from performing…” message which brought me to you. That brought me to this area in Azure for blocked MFA users. (who knew?) And there he was! He said he was using the authenticator app and accidentally hit the “it’s not me” button and that is what threw him into the blocked list. Anyway I learned something new today and I thank you for posting this.

  3. I’ll add my own thanks — out of the 7 school districts we support I have ONE user with this issue and could not figure it out. It wasn’t until I took over a ‘known working’ department iPad and tried setting up Authenticator without success that I finally found your post. Cleared the issue right up for us!

  4. You’re a legend. Had a user suddenly unable to receive MFA codes via SMS, getting errors like “Sorry, we’re having trouble verifying your account. Please try again.” with error code 500121.

    Only when I tried authenticating via phone call where we received the “You are blocked from performing this operation. Please contact your administrator for help.” error. It was specific enough that it landed me here. Thank you!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.