I've got to use Microsoft Authenticator for work, and I can sign in with it, but the sign in gets "blocked" saying: "We are currently unable to collect additional security information. Your organization requires this information to be set from specific locations or devices."

I've installed Play Services and such, but haven't been able to get it to work. I've got Google's location accuracy turn on and have given MS Auth all permissions before opening it for the first time. Tried installing Play Services before and after installing MS Auth (I'm using it in a secondary profile). Tried installing from the Aurora store and Play Store.

Any ideas? This is the only hangup left for me to fully switch to GOS. Currently testing it in a Pixel 4a.

    Hello,
    Have you tried différent 2FA app ? Some ARE opensource.
    Bye
    Y

      Rennnat I think there are two possible causes:

      a) The app itself has not been set up according to your organization's requirements. Some require Microsoft Authenticator to be set up with specific steps, such as that you have to scan a QR code that has been generated on a compliant device. They may disallow directly signing in to the app with your work account.
      You could try uninstalling the app completely, and then carefully follow the instructions provided by your organization on how to set it up. This is assuming that your work is even providing you with instructions! If they don't, ask them.

      or it could be

      b) Your organization has set up policies in Entra ID to disallow devices and IP addresses that don't meet certain requirements, and you are triggering one or more of these flags somehow. It's hard to know for sure what these actually are without asking the admins of these policies. First, I recommend following a).

          coucou Organizations have the choice of allowing the usage of other authenticator apps. It's possible to "trick" the Microsoft Authenticator registration process into giving you that option, but a) the organization might block that option, and b) I don't recall how to do it, and I don't use Microsoft Authenticator where I currently work so I'm not sure I can test.

          The work might allow for FIDO security keys, as Entra ID supports, but that's not the question at hand here.

            coucou MS Auth is required by work and not all 2FA systems support third party options.

              fid02 really good thoughts. I have it working on a Pixel 4a 5G that is rooted and not passing what Google Wallet requires. I'll try to investigate those options. Thanks!

                @Rennnat Happened to me due to being connected to a VPN. Ended up just installing it along with other work apps in a separate profile without a VPN. Not ideal but works well enough with my work flow

                  GrouchyGrape we all have to make compromises in our privacy journeys, but giving out my real IP so far has not been one for me.

                  There are a lot of options before giving up on the VPN. Try different VPN providers (Proton is perhaps the only quality VPN to offer free tiers, so it's a possible backup VPN), different countries, different servers within the same countries.

                  I even found a couple of websites (both big financial corporations) that block VPNs but somehow haven't heard of Tor lol.

                      Hb1hf as a network engineer, I tried everything. I spoke with the IT director and he stated he only allowed IP addresses known for our geographical area that weren't registered as data centers. All in the name of "security".

                      I pay for proton VPN and mullvad. Proton is usually great at getting around VPN restrictions, but no servers worked. I'm always behind CGNAT so giving away my IP isn't usually an issue. That being said, I run an always on VPN on my other used profiles for privacy from my ISP

                          GrouchyGrape I'm always behind CGNAT so giving away my IP isn't usually an issue

                          That's interesting. Do you have an idea how many people you share your IP with? And are you talking home internet or mobile?

                          Oh, another idea: host a VPN in a VPS maybe? And using it only for the specified service that gives you trouble? I'm guessing If you got to the point of talking to the IT director it's worth the money/trouble?