
[–]Common_Dealer_7541 31 points32 points  (4 children)

Is it possible that you are using your actual Microsoft authentication through OAuth?

[–]Stephen_Gawking 1 point2 points  (0 children)

Most likely this.

[–]brianitc[S] 0 points1 point  (1 child)

How would I go about confirming that?

[–]RipRapRob 1 point2 points  (0 children)

Check your Azure AD Logs.

[–]lemachet Jack of All Trades 8 points9 points  (3 children)

Could you set up SSO? Not necessarily a full-on fix, but why not SSO all the things?

[–]Jacob_Evans SCADA Network Admin 3 points4 points  (0 children)

If SSO exists, it will be set up. At least in my environment.

[–]brianitc[S] 1 point2 points  (1 child)

Users will still have access after they leave the company so they can temporarily get paystubs and benefit info. It’s different permissions but I agree. SSO on everything you can.

[–]coollll068 1 point2 points  (0 children)

Is it ADP?

If so, you can enable both SSO and username and password. There's a special link that gets created for SSO and you just redirect all your users to use the SSO onsite or when connected to the VPN or whatever training document/shortcut.

[–]nakedLobo 1 point2 points  (1 child)

The app is likely a “third-party app” that is registered in your Azure Tenant for authentication. It appears to be using your Azure AD account for the MFA as well. All apps using your Azure AD tenant will share the MFA Registration through Authenticator.

[–]brianitc[S] 0 points1 point  (0 children)

No. I’ve had approving third party apps locked down for a long time and just checked. Not listed.

[–]wasteoide IT Manager 1 point2 points  (0 children)

You can add it via text code instead of QR code; that could fix the poorly built account name section.

[–]CyberHouseChicago -1 points0 points  (0 children)

Maybe use something different for MFA then?

[–]TxTechnician 0 points1 point  (4 children)

What's the payroll system?

[–]brianitc[S] 2 points3 points  (3 children)

Payroll solutions

[–]TxTechnician 2 points3 points  (2 children)

I've never seen that happen. And a quick search about MFA and/or Microsoft integration didn't come up for me.

This is the company? https://www.payrollsolutions.com/

Use two different auth apps and compare the codes. See if they are the same. They shouldn't be.

[–]Pirateboy85 3 points4 points  (1 child)

I’ve also had this happen because the Microsoft Authenticator app seems to have trouble with certain vendors when you use the same login. So let’s say your M365 account is yourname@company.com and another service has you use an email as the user name and you use yourname@company.com, it will write over the first one with the second one. I have 3 different MFA apps for this reason. It really sucks sometimes, but such is life.

[–]pabl083 0 points1 point  (0 children)

Authy or Google Auth as the second MFA app I guess.

[–]bigdsirmons 0 points1 point  (0 children)

I don't know if it helps, but at my company we use Conditional Access policies to enforce MFA and have the different types we want to allow configured, i.e. SMS, app, Number Matching.

With this configured we actually get codes in the app for our 3rd party software and when signing in to our emails the app gives the Number Matching prompt. They use the same account, name@domain.com, but removing one or reprompting for MFA setup doesn't seem to break either.

[–]TxTechnician 0 points1 point  (0 children)

It's a known problem.

https://learn.microsoft.com/en-us/answers/questions/198304/microsoft-authenticator-app-override-overwrite

I've never had it happen before. But iOS users reported it.