ADFS MFA failing for some users

Phil Ready
2020-07-29T07:27:31.073+00:00

We are running 2012 R2 ADFS with Azure MFA. The MFA handover seems to be failing for some users. They can successfully log on to Microsoft 365 Apps using MFA, but when trying to log on to on-premises or other cloud apps (RDWeb, Zoom, Oracle) they get prompted for MFA, but their phone number is not already there, and when they add their phone number they receive the text code, but then Federation Services gives a fail and there is nowhere to enter the text code.

This is only happening for some users. Other users don't have this issue.

I have had some success with choosing "other method", changing the MFA method to phone call, and entering the same cell phone number.

I tried removing their phone number from Authentication methods in portal.azure.com and selected 'Require re-register MFA'. This helped some users, but I still have the problem with others. Also, there must be somewhere else where the phone numbers for MFA when using ADFS are stored, as after removing the phone number and requiring re-register MFA in Azure, I have seen users still offered the text to xxx xxx 1234 when logging in. Just with ADFS apps/services though; M365 Apps ask them to set up a method.

Does ADFS store MFA info? Where? How can I diagnose this more?
Regards
Phil
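Added diagnostic example, not part of the original question or answer: it lists which additional-authentication (MFA) provider AD FS has registered, which relying parties carry their own MFA rules, and the recent AD FS admin-log errors that mention the affected user. It assumes an elevated PowerShell session on the AD FS server with the ADFS module available; the UPN is a constructed placeholder.

```powershell
# Added example (not from the original post). Assumes it runs on the AD FS
# server in an elevated session. The UPN below is a constructed placeholder.
Import-Module ADFS

$Upn = 'user@example.com'   # placeholder: replace with the affected user's UPN

# 1. Which additional (MFA) provider is registered globally, and what global
#    additional-authentication rules apply?
$policy = Get-AdfsGlobalAuthenticationPolicy
"Additional authentication providers: $($policy.AdditionalAuthenticationProvider -join ', ')"
"Global additional authentication rules:"
Get-AdfsAdditionalAuthenticationRule

# 2. Relying parties (RDWeb, Zoom, Oracle, ...) that carry their own MFA
#    rules; a per-RP rule explains why only some apps trigger the prompt.
Get-AdfsRelyingPartyTrust |
    Where-Object { $_.AdditionalAuthenticationRules } |
    Select-Object Name, Identifier, AdditionalAuthenticationRules |
    Format-List

# 3. Recent AD FS admin-log errors (Level 2 = Error) mentioning the user;
#    event 364 "Encountered error during federation passive request" is the
#    one that usually carries the MFA adapter's failure reason.
Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Level = 2 } -MaxEvents 500 |
    Where-Object { $_.Message -match [regex]::Escape($Upn) } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

On 2012 R2, Azure MFA is integrated through the on-premises Azure Multi-Factor Authentication Server adapter, whose own user store (including phone numbers) is separate from the Azure AD registration that 'Require re-register MFA' clears, so the provider name returned in step 1 tells you which store to check next.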


1 answer

1. 2020-07-29T21:01:10.83+00:00

    Please create an Azure support request to better address the issue.
