Today, Raymond and I troubleshot an issue for several people who received the ‘Sorry, we ran into a problem’ error when trying to register their security information. As is our mutual expectation, I decided to document the issue. When you run into the same situation, you might find it helpful.
An Azure AD admin has configured the following tenant-wide settings:
- The Security Defaults feature is disabled.
- The combined registration for Azure MFA and Azure AD Self-service Password Reset is enabled.
- All authentication methods in the legacy PhoneFactor portal are still allowed.
- No Conditional Access policies were created or modified to include the Register security information action.
A person in the organization tries to register the security information for their Azure AD account. Independent of the method chosen, the person gets an error. For instance, when registering the Authenticator App, the person gets the following error in the registration experience after taking a photo of the QR code in the Authenticator App:
In the Azure AD audit logs, we found the following information:
Unfortunately, the status reason ‘User failed to start the registration for Authenticator App with Notification and Code’ from the above log entry is not part of Microsoft’s ‘Troubleshooting combined security information registration’ Docs page.
The Azure AD account for the person is not assigned the Microsoft Azure Multi-Factor Authentication license (plan).
In this particular situation, the license not getting assigned was due to an error:
Solve the issue that prevents the Microsoft Azure Multi-Factor Authentication plan from being assigned to the user account, or simply assign the license to the user account if it's not assigned.
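To confirm this cause for an affected account, the check below inspects the two Microsoft Graph responses that describe a user's licensing: `licenseDetails` and the `licenseAssignmentStates` property. It is an added example, not part of the original post. The plan name `MFA_PREMIUM` comes from Microsoft's licensing service plan reference rather than from this page, and the SKU names, GUIDs and sample responses are constructed placeholders.

```python
import json

# Plan name for "Microsoft Azure Multi-Factor Authentication" in Microsoft's
# licensing service plan reference (assumption: not stated on this page).
MFA_PLAN = "MFA_PREMIUM"

def diagnose_mfa_plan(license_details, assignment_states):
    """Return (ok, findings) for one user.

    license_details:   the "value" array of GET /users/{id}/licenseDetails
    assignment_states: the user's licenseAssignmentStates property
    """
    findings = []
    # Every occurrence of the MFA plan on a SKU that is actually assigned.
    statuses = [(sku["skuPartNumber"], plan["provisioningStatus"])
                for sku in license_details
                for plan in sku.get("servicePlans", [])
                if plan["servicePlanName"] == MFA_PLAN]
    ok = any(status == "Success" for _, status in statuses)
    if not statuses:
        findings.append(f"{MFA_PLAN} is not on any assigned license")
    for sku, status in statuses:
        if status != "Success":
            findings.append(f"{MFA_PLAN} on {sku} is {status}")
    # licenseDetails lists assigned licenses; failed assignments are reported here.
    for st in assignment_states:
        if st.get("state") != "Active":
            via = st.get("assignedByGroup") or "direct assignment"
            findings.append(f"SKU {st['skuId']} via {via}: "
                            f"state={st.get('state')} error={st.get('error')}")
    return ok, findings

# Constructed sample responses (SKU names, GUIDs and group id are placeholders).
BROKEN_DETAILS = json.loads("""[
  {"skuPartNumber": "SAMPLE_SKU_WITHOUT_MFA", "servicePlans": [
    {"servicePlanName": "SAMPLE_PLAN", "provisioningStatus": "Success"}]}]""")
BROKEN_STATES = json.loads("""[
  {"skuId": "00000000-0000-0000-0000-0000000000a1", "assignedByGroup": null,
   "state": "Active", "error": "None"},
  {"skuId": "00000000-0000-0000-0000-0000000000b2",
   "assignedByGroup": "00000000-0000-0000-0000-0000000000c3",
   "state": "Error", "error": "CountViolation"}]""")
HEALTHY_DETAILS = json.loads("""[
  {"skuPartNumber": "SAMPLE_SKU_WITH_MFA", "servicePlans": [
    {"servicePlanName": "MFA_PREMIUM", "provisioningStatus": "Success"}]}]""")

if __name__ == "__main__":
    ok, findings = diagnose_mfa_plan(BROKEN_DETAILS, BROKEN_STATES)
    print("MFA plan usable:", ok, *findings, sep="\n - ")
```

A plan that is present but switched off in the license assignment is reported with its `provisioningStatus` (for example `Disabled`), which distinguishes it from a license that never got assigned.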
It isn’t uncommon to see technical posts on Microsoft Docs not incorporating licensing issues. It gets weird when the above issue was seen roughly a year ago by another Microsoft employee and the issue was resolved, but not added to the troubleshooting document linked above…