The following forum(s) are migrating to a new home on Microsoft Q&A (Preview): Azure Multi-Factor Authentication!

Ask new questions on Microsoft Q&A (Preview).
Interact with existing posts until December 13, 2019, after which content will be closed to all new and existing posts.

Learn More

 none
setting up MFA using the Microsoft authenticator app RRS feed

  • Question

  • Hi All Hoping someone can help. We are fairly new to setting up MFA via the O365 admin center and have been testing which ppears to have worked. However, I have recently got back from holiday and have been trying to re-set it up for me but when I try to select the authenticator app on the 'Additional security verification' screen i get the following error:

    Warning An error was encountered You cannot have more than five hardware tokens or authenticator apps. Please delete one or more of your authenticator apps and then add a new authenticator app. If you need to delete your hardware token, please contact your administrator. Disabling a hardware token will not allow you to add a new authenticator app. any help would be most welcome

    Sunday, September 1, 2019 11:07 PM

Answers

  • I recently encountered this issue you posted and after digging around, I was able to identify the issue.
    I stand to be corrected but it seems the maximum number of hardware tokens or Authenticator apps that can be added to an account is 5. This may probably be the default setting by Microsoft.
    Its possible that during your testing you have configured MFA on the test account up to 5 times hence the issue.
    To confirm how many MFA devices are configured on the account, go to https://mysignins.microsoft.com/security-info
    Sign into the account and you should see all the devices that had MFA configured to access the test account.
    Go ahead and delete all the stale or unneeded devices and you should be good to go.
    Hope this helps.
    Monday, September 23, 2019 2:33 PM

All replies

  • As the error message mentions, you seem to have OATH tokens configured.

    Azure MFA supports upto 5 two factor authentication methods. In case you need to add the App Authentication, I would suggest you to contact your the Global Administrator of your Azure Tenant to have the current hardware tokens disabled and the then add the App Authentication.

    Refer - OATH hardware tokens (public preview)

    -----------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Monday, September 2, 2019 2:05 AM
    Moderator
  • Hi Ray

    Thanks for your reply. We dont use hardware tokens. I have been testing while creating doco with my user account before we roll MFA out to the company working out i we get users to use the microsoft authenticator app and had been using it fine until all of a sudden this error came up. Other accounts are fine using the app and if I use the phone method I can progress.

    I checked in our azure ad tenant and there is nothing showing under MFA - OATH tokens and there doesnt appear to be anything setup under Manage MFA Server

    sorry, rather knew to this

    Tuesday, September 3, 2019 9:12 PM
  • Could you post a screenshot of the error message that you are getting ?
    • Proposed as answer by loadedleke Monday, September 23, 2019 2:17 PM
    • Unproposed as answer by loadedleke Monday, September 23, 2019 2:17 PM
    Wednesday, September 4, 2019 10:37 AM
    Moderator
  • I recently encountered this issue you posted and after digging around, I was able to identify the issue.
    I stand to be corrected but it seems the maximum number of hardware tokens or Authenticator apps that can be added to an account is 5. This may probably be the default setting by Microsoft.
    Its possible that during your testing you have configured MFA on the test account up to 5 times hence the issue.
    To confirm how many MFA devices are configured on the account, go to https://mysignins.microsoft.com/security-info
    Sign into the account and you should see all the devices that had MFA configured to access the test account.
    Go ahead and delete all the stale or unneeded devices and you should be good to go.
    Hope this helps.
    Monday, September 23, 2019 2:33 PM