Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Push Notifications don't work properly O365 #30680
Note: I've attempted several times to work with Office 365 support unsuccessfully to resolve this.
If I use passwordless logon with outlook.com (microsoft account) when an auth is required, there is a push notification on the device paired (in my testing either an iPhone XSMax (with and without a paired Apple Watch 2 with the authenticator app) and iPad Pro) with that account. You click on it and must unlock said device and you are then prompted to select the proper code.
When attempting to do the same with a corporate account (O365) there is no push. Rather no real notification. However if you unlock said paired device and open the Authenticator app, you will get a list of the codes to choose from, but it takes a few extra seconds or in some cases requires a pulldown refresh.
I've tried unregistering devices, turning off MFA on the account and turning it back on as well as disabling the tenant and reenabling it and setting up MFA and converting it to passwordless.
I'd love to find the right team to work with to figure out if there is some error or if this is a bug of some sort. I can provide much more detail if I find the right avenue.
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
Just in case someone else finds this, I resolved this issue by going into the Microsoft Authenticator app, choosing to "Disable phone sign-in" for my AAD Work Account, and then enabling it again right after. This updated the icon in the https://myprofile.microsoft.com portal from a normal MS Authenticator padlock icon, to a phone sign-in icon like you see in the app itself. After about half a day, the push notifications then started working for the passwordless sign-in flow.
My assumption is that because I had enabled phone sign-in on my app for my AAD account, before I could actually use the flow.. that the correct type of app registration was not in place.