
How to migrate the Microsoft Authenticator app with an Azure AD B2C account to a new phone?

With Multi-Factor Authentication enabled in the Azure portal, users must approve every login in their Authenticator app.

When I changed my phone, the Authenticator app had to be migrated to my new phone. I used the Backup and Recover function of the Authenticator app. I backed up and recovered the account details to the new phone. For work or school accounts, the migration process requires Additional Security Verification, which requires rescanning the QR codes of all accounts in the Authenticator app. I have rescanned all QR codes of the work or school accounts that I created.

Now my issue with this migration is the Azure AD B2C account. It was created by Azure when I created the Azure AD B2C directory. The name of the account in the Authenticator app is admin_mydomain.com#EXT#@mydomain.onmicrosoft.com. It is not a work or school account. From the name, it may relate to my Azure login account (admin@mydomain.com, a work or school account). I have spent many hours on it, but I still don't know where this special account's details are stored, so I can't get the QR code of the account for the Authenticator app, and I can't finish my Authenticator app migration.

Authentication with this account is required when I switch from the Azure primary directory to the Azure AD B2C directory in the Azure portal.

Please help me with this issue. Thanks.

admin_mydomain.com#EXT#@mydomain.onmicrosoft.com is the UPN (user principal name) of the user hosted in the Azure AD B2C tenant for your work account admin@mydomain.com. Scan the QR code as with the others, but switch to the B2C tenant first.

There are a few steps needed to fix this issue.

  1. You need a global admin account of the Azure AD B2C directory, but you can't use the one you are going to migrate. Please create one if there is no other global admin account available.

  2. Go to Azure Active Directory of the Azure AD B2C directory. Click on Properties in the left main menu, then go to the bottom of the Properties page and click the link Manage security defaults. Disable security defaults and save in the popup window.

  3. Run local PowerShell as local admin. Run the following cmdlet to connect to the Azure AD B2C directory:

    PS C:\WINDOWS\system32> Connect-MsolService

    The MFA login will ask for a user name and password. Please use the credentials of the global admin account mentioned above. If no error appears, run the following cmdlet:

    PS C:\WINDOWS\system32> Set-MsolUser -UserPrincipalName admin_mydomain.com#EXT#@mydomain.onmicrosoft.com -StrongAuthenticationMethods @()

  4. Go back to Azure Active Directory of the Azure AD B2C tenant > Properties in the left main menu > bottom of the Properties page > click the link Manage security defaults. Enable security defaults and save.

  5. Log in to the Azure portal with admin@mydomain.com, then switch to the Azure AD B2C directory. You will see a popup security setting wizard, the same wizard as when we first set up the directory. Follow the wizard, and you will see the QR code for admin_mydomain.com#EXT#@mydomain.onmicrosoft.com. Scan the QR code to finish the MS Authenticator migration.
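The PowerShell part of the procedure above (step 3), written out as a script with the checks a practitioner would want around it. This is an added example, not code from the answer's author or from Microsoft: it assumes the MSOnline module is installed (Install-Module MSOnline), that the script is saved under the assumed name Reset-B2CMfa.ps1, that $TargetUpn is replaced with the real UPN shown in the Authenticator app, and that you sign in as a different global admin of the B2C tenant. It verifies that the connected tenant actually owns the UPN's domain before touching anything, records the methods registered before the reset, and confirms the reset applied instead of assuming it did. Security defaults are not toggled here; do that in the portal as in steps 2 and 4, and keep that window short, because disabling security defaults removes the MFA requirement for every account in the tenant, not only the one being reset.

```powershell
<#
  Added example (not part of the original answer): clear the registered
  MFA methods of the B2C-hosted admin account with the MSOnline module,
  with checks before and after.
  Assumptions: MSOnline module installed; $TargetUpn replaced with the
  real UPN; interactive sign-in as a DIFFERENT global admin of the
  B2C tenant; security defaults already disabled in the portal.
#>
param(
    [Parameter(Mandatory)]
    [string] $TargetUpn   # e.g. 'admin_mydomain.com#EXT#@mydomain.onmicrosoft.com'
)

Import-Module MSOnline -ErrorAction Stop

# Interactive sign-in. Use a global admin of the B2C tenant that is NOT
# $TargetUpn; clearing the methods of the account you are signed in as
# locks you out of the tenant.
Connect-MsolService

# Guard against running this against the wrong tenant (e.g. the primary
# directory): the domain part of the UPN must belong to the connected tenant.
$upnDomain     = $TargetUpn.Split('@')[-1]
$tenantDomains = (Get-MsolDomain).Name
if ($tenantDomains -notcontains $upnDomain) {
    throw "Connected tenant owns [$($tenantDomains -join ', ')], not '$upnDomain'. Reconnect to the B2C tenant."
}

# Record what is registered now, so the change is auditable.
$before = Get-MsolUser -UserPrincipalName $TargetUpn -ErrorAction Stop
Write-Host "Before: $($before.StrongAuthenticationMethods.Count) method(s) registered for $TargetUpn"
$before.StrongAuthenticationMethods | Format-Table MethodType, IsDefault -AutoSize

if ($before.StrongAuthenticationMethods.Count -eq 0) {
    Write-Host 'Nothing to reset; the account already has no MFA methods registered.'
    return
}

# The actual reset from step 3: an empty array removes every method, so the
# next interactive sign-in triggers the registration wizard (step 5).
Set-MsolUser -UserPrincipalName $TargetUpn -StrongAuthenticationMethods @()

# Verify, rather than assume, that the change took effect.
$after = Get-MsolUser -UserPrincipalName $TargetUpn -ErrorAction Stop
if ($after.StrongAuthenticationMethods.Count -ne 0) {
    throw "Reset did not apply; $($after.StrongAuthenticationMethods.Count) method(s) still registered."
}
Write-Host "Done. Re-enable security defaults now, then sign in as $TargetUpn to re-register Authenticator."

# Usage (assumed file name):
#   .\Reset-B2CMfa.ps1 -TargetUpn 'admin_mydomain.com#EXT#@mydomain.onmicrosoft.com'
```

Quote the UPN when passing it: the bare form in the answer works because PowerShell only treats `#` as a comment marker at the start of a token, but quoting removes the doubt. Note that Microsoft has deprecated the MSOnline module; the Microsoft Graph PowerShell equivalents for inspecting and removing a user's Authenticator registration are Get-MgUserAuthenticationMethod and Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod, which work per method rather than by replacing the whole list.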

[UPDATE] I just realized that what worked for me is the solution Alfredo R already posted. So I can confirm that this works.

While I'm still struggling to revalidate my [username]@[custom-domain].onmicrosoft.com account, I think I found a solution for the AAD B2C problem:

  • Log in to https://myaccount.microsoft.com/
  • The main menu "Security information" will show you the registered devices for your current organization
  • Main menu "Organizations": you should at least see the other organization of the B2C tenant
  • In the top right menu, click your avatar, choose switch organizations, and switch to the B2C tenant
  • The UI should be the same, but now you're logged in through the B2C tenant
  • Go back to "Security information" and add your new device

I was lucky that my old device is still working, so I could switch organizations easily. If you can't switch because of MFA and have no access to your old device, I think you still need to disable MFA in the B2C tenant as described in the other solution and then turn it back on?

But I think that's the way to get the QR code for a B2C tenant: log in to your account and switch to the B2C tenant by switching organizations.
