0
votes

With Multi-Factor Authentication enabled in the Azure portal, users must approve every login in their Authenticator app.

When I changed my phone, the Authenticator app had to be migrated to my new phone. I used the Backup and Recover function of the Authenticator app. I backed up and recovered the account details to the new phone. For work or school accounts, the migration process requires Additional Security Verification, which requires rescanning the QR codes of all accounts in the Authenticator app. I have rescanned all QR codes of the work or school accounts that I created.

Now my issue with this migration is the Azure AD B2C account. It was created by Azure when I created the Azure AD B2C directory. The name of the account in the Authenticator app is admin_mydomain.com#EXT#@mydomain.onmicrosoft.com. It is not a work or school account. From the name, it may be related to my Azure login account ([email protected], a work or school account). I have spent many hours on it. But I still don't know where this special account's details are stored. So I can't get the QR code of the account for the Authenticator app, and I can't finish my Authenticator app migration.

This account's authentication is required when I switch from the Azure primary directory to the Azure AD B2C directory in the Azure portal.

Please help me with this issue. Thanks.


2 Answers

0
votes

admin_mydomain.com#EXT#@mydomain.onmicrosoft.com is the UPN (user principal name) of the user hosted in the Azure B2C tenant for your work account [email protected]. Scan the QR code as with the others, but switch to the B2C tenant first.

0
votes

There are a few steps needed to fix this issue.

  1. You need a global admin account of the Azure AD B2C directory. But you can't use the one that you are going to migrate. Please create one if there is no other global admin account available.

  2. Go to Azure Active Directory of the Azure AD B2C directory. Click on Properties in the left main menu, then go to the bottom of the Properties page. Click on the link: Manage security defaults. Disable security defaults and save in the popup window.

  3. Run local PowerShell as local admin. Run the following cmdlet to connect to the Azure AD B2C directory:

     PS C:\WINDOWS\system32> Connect-MsolService

     The MFA login will ask for a user name and password. Please use the credentials of the global admin account mentioned above. If no error appears, run the following cmdlet:

     PS C:\WINDOWS\system32> Set-MsolUser -UserPrincipalName admin_mydomain.com#EXT#@mydomain.onmicrosoft.com -StrongAuthenticationMethods @()

  4. Go back to Azure Active Directory of the Azure AD B2C tenant > Properties in the left main menu > the bottom of the Properties page > click the link: Manage security defaults. Enable security defaults and save.

  5. Log in to the Azure portal with [email protected], then switch to the Azure AD B2C directory. You will see a popup security setting wizard. It is the same wizard as when we first set up the directory. Please follow the wizard. You will see the QR code for admin_mydomain.com#EXT#@mydomain.onmicrosoft.com. You can scan the QR code to finish the MS Authenticator migration.
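The PowerShell part of the procedure above (steps 3 and 4), written out as an added example that is not from the answer or from Microsoft. It records the account's registered MFA methods before the reset, clears them with the same Set-MsolUser call the answer uses, and then confirms the reset took effect before you go back to the portal to re-enable security defaults. It assumes the MSOnline module is installed (Microsoft has since deprecated it in favour of Microsoft Graph PowerShell, but the cmdlets are the ones the answer shows), that you sign in as the separate global admin the answer requires, and that the UPN placeholder from the question is replaced with your own. Toggling security defaults stays a portal step, as in the answer.

```powershell
# Added example (not the answer's own script): reset and verify the MFA registration of the
# B2C-hosted external admin account with the MSOnline cmdlets used in the answer above.
# Assumes: Install-Module MSOnline has been run, and the signed-in account is a *different*
# global admin of the B2C tenant than the one being reset.

# Placeholder UPN taken from the question; replace with the real UPN shown in your Authenticator app.
$Upn = 'admin_mydomain.com#EXT#@mydomain.onmicrosoft.com'

# Step 3 of the answer: interactive sign-in to the B2C tenant (you will get the MFA prompt here).
Connect-MsolService

# Record what is currently registered so the change is auditable and you can tell later
# whether the reset did anything at all.
$before = Get-MsolUser -UserPrincipalName $Upn -ErrorAction Stop
Write-Host "Strong authentication methods registered for ${Upn} before reset:"
$before.StrongAuthenticationMethods |
    Select-Object MethodType, IsDefault |
    Format-Table -AutoSize

# Clear every registered method. Until the user re-registers, this account has no second
# factor, so keep the window between this call and re-enabling security defaults short.
Set-MsolUser -UserPrincipalName $Upn -StrongAuthenticationMethods @()

# Re-read the user and verify the reset before leaving PowerShell for step 4 in the portal.
$after = Get-MsolUser -UserPrincipalName $Upn -ErrorAction Stop
$remaining = @($after.StrongAuthenticationMethods).Count
if ($remaining -eq 0) {
    Write-Host "MFA methods cleared for ${Upn}. Re-enable security defaults in the portal (step 4), then sign in as the user to re-register (step 5)."
} else {
    Write-Warning "Reset did not take effect: $remaining method(s) still registered for ${Upn}. Check that you are connected to the B2C tenant and signed in as a global admin."
}
```

The before/after listing matters more than it looks: if you are connected to the wrong tenant (the primary directory instead of the B2C one), Get-MsolUser will fail or return a different object, and you find that out before the reset rather than after wondering why the wizard in step 5 never appears.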