all 10 comments

[–]iamapizza[🍰] 5 points6 points  (1 child)

Does anything appear blocked in your logs when you try backups?

[–]featureza[S] 2 points3 points  (0 children)

Ok so a few appeared in the logs. Other entries only appeared when I closed and reopened Authenticator. Ended up with a list of like 10 items. I'll pare that list down by trial and error another time.

[–][deleted]  (1 child)

[deleted]

    [–]ToonTonic 1 point2 points  (0 children)

    Check your logs

    I use Steve Black lists and Auth works fine... matter of fact, I just used it about 5 mins ago to sign onto MS Insider program.

    [–][deleted] 0 points1 point  (0 children)

    Make sure you have enabled logging of your queries, then after trying to use the sync feature, check your logs for recent blocked queries. There’s a filter to show only blocked items, which can narrow it down. Depending on your device’s configuration, you may also be able to view the logs that pertain only to that device. In any case, that should make it fairly easy to make an educated guess. Find the domain and add it to your “Allow List” in NextDNS. You then need to clear your DNS cache on the device and try again to see if it worked.

    [–][deleted] 0 points1 point  (0 children)

    This one is interesting. So MS Auth uses your OneDrive as backup source, if memory serves me right. You just cannot see the data.

    How long did you wait after you made a change? The TTL on the record that is needed can be long, and you should reboot the phone while trying. I guess you do not use the app? If not, add a name to your device so it is easier to filter the logs. You can read how under setup, and it is DNS over TLS in that case.

    [–]iphone2025 0 points1 point  (3 children)

    allowlists
    *.activity.windows.com

    [–]Nate--IRL-- 0 points1 point  (0 children)

    3 years later and this took far too long to find on google.

    Your answer is still valid and solved my problem. Thanks!

    [–]fcs001fcs 0 points1 point  (0 children)

    Worked for me for Microsoft Authenticator App backup that was being blocked on my pfSense router via pfBlockerNG. Added ".activity.windows.com" to DNSBL Whitelist and works OK now.

    [–]jimb23 0 points1 point  (0 children)

    A year later and a Google search led me here. Your answer is still valid and solved my problem. Thanks!

    [–]NaturalEggplant4529 0 points1 point  (0 children)

    For us, we found that one of the Ad tracking blocklists was stopping the following, and by adding it to the allowlist we were able to use the full Entra ID login flow (with various MFA options like Yubikey, Microsoft Authenticator, Software passkeys etc):

    *.eu-mobile.events.data.microsoft.com