Microsoft Monetize - Troubleshooting MFA
You can find answers to the most common issues associated with Multi-Factor Authentication (MFA).
MFA invalid code
Some users are reporting that after entering their one-time password they are getting an error that says: SEEMS THAT YOUR CODE IS NOT VALID. PLEASE CHECK AND RETRY.
Solution: This issue, most likely, is caused by the computer that they are using to log in to the Microsoft Advertising application and the mobile app that they are using to generate the one-time code to be out of sync in their respective clocks. Follow the below steps to resolve the issue:
Note
The actual steps will vary depending on the user's computer, mobile device and MFA app.
Check the clock time in their computer and mobile device. Most likely it will be different by a number of minutes.
Locate the CLOCK settings on your mobile device and follow the instructions mentioned in the below help topics according to your device platform:
Note
You may have to disable Set Time Automatically (or something similar depending on your device) to prevent this issue from happening in the future.
After both devices' clocks are in sync, try to authenticate once more using a new one-time code.
MFA authentication timed out
There are cases where due to lag/latency after entering your one-time MFA code, you still get an authentication error.
Solution: Restart the log-in process and input a new MFA one-time code again.
MFA timed out
If you arrived to the MFA one-time code input screen, but do not input a valid code within five (5) minutes, the following message will be displayed: YOUR LOGIN ATTEMPT HAS TIMED OUT.
Solution: Restart the log-in process and input a new MFA one-time code before it expires again.
Auth0 Guardian MFA app
Some users are reporting that the app that they are using for MFA authentication is no longer providing them with the MFA code. Many of these users are using the Auth0 Guardian app.
Solution: Unlike Google Authenticator which provides a new MFA code for each authentication attempt, Auth0 Guardian instead sends the user a push notification - NOT a code. The user needs to open or access this notification and click Allow to complete the MFA authentication process.
Don't delete MFA app
It's possible that some users are interpreting the concept of MFA's one-time passcode as "I only need to do it once and after that I can delete the app". However, this is not the case.
Solution: Users need to have an MFA authentication app (for example, Google Authenticator, Auth0 Guardian, etc.) permanently install on one of their mobile devices for as long as they need to continue on accessing a Microsoft Advertising application that requires MFA as part of the authentication process. If you have deleted the app, the way to resolve this is to request for Product Support to reset MFA for the affected users. Please contact Product Support with the email address for the affected user.
Multiple MFA accounts in the MFA authentication app
Many applications (Microsoft Advertising and other vendors, web/desktop/mobile) require users to setup MFA as part of the authentication process. Each of these applications' MFA codes are unique and specific to their respective application. It is possible for users to end up with multiple MFA accounts under their single MFA authentication app (for example, Google Authenticator, Auth0 Guardian, etc.).
Solution: Most MFA authentication apps - NOT the individual accounts - should allow a user to enter EDIT mode where they can rename each individual MFA account to something more meaningful than the name given by the MFA authenticator provider. This may help to make sure that you are selecting the correct MFA code for the application that you are trying to access.