Microsoft Account Generate Qr Code

[Lorin Cupples]

Hithere, I recently began getting a LOT of emails from Microsoft with single use codes. There is no way I was genuinely generating these myself. Any time I need one, it arrives and I use it with no issue. But these additional ones were concerning me. The times also suggest this might be a real person in my time zone. There are patterns.

I turned off that particular alias for sign in, now when I try to use that the log in screen will outright tell me "This alias is turned off for sign in". So it should be impossible to get emails citing that alias, right? Well I am still receiving them. My question is, can I write those off to simply being spam? Or, can they still be generated if someone is clicking one of the various 'forgot username / Reset account associated with this alias' options?

I have checked and the From address on these single use codes are the exact same as the legitimate ones I use from Microsoft. They also are consistent and appear (formatting wise) to be legitimate Microsoft emails. They also tell me to ignore it if I didn't request it etc, whereas we know most phishing emails look odd and will often not mention that choice as they want an action performed.

To find accounts that your Microsoft account is tied to as a recovery address, search Microsoft forgot username. Complete that form and it will email you, then show a part censored list of addresses. You can then go back and resecure these and close or secure them as desired.

It's concerning that you're receiving unexpected single-use codes from Microsoft despite disabling the associated alias for sign-in. While it's possible that these emails could be spam, the persistence and apparent legitimacy raise valid concerns. It's crucial to consider the possibility of someone attempting to access your account through other means, such as using the "forgot username" or "reset account" options. Even though the alias is turned off for sign-in, it doesn't necessarily prevent someone from attempting account recovery using that alias, resulting in the generation of single-use codes. To verify the legitimacy of these emails you may want to contact Microsoft support for a more in-depth investigation into your account activity and to ensure that your account security is not compromised.

As of 3/23/24 Charlotte Miriam Rogers seems to still be accurate - thank you. My problem with this entire behavior is the how Microsoft is misleading during the process. If this app has the ability to be backed up and restored, then let it do that. If it can't restore the Microsoft account, tell me. Do NOT tell me to scan the QR code "provided by your organization" when there's no such thing and you waste my time and my Admin's time trying to find such a code. Tell me to reset this account from scratch, because that's what's taking place. Tangent topic: why is the backup process limited to a personal MS account - how does that make sense?

Bill Halfmann has it bang on - it is a terrible error dialogue that MS have chosen and causes lots of fraught conversations between IT support teams and staff/ users who ALL INSIST you must give them a QR code when actually you need to 're-require multi factor authentication' (and since MS Entra, that's moved to a different place than with Azure. Dumb move MS !!! PLEASE fix it

I agree with both of the above folks. How many people that work in IT have had to get a new phone.. What a horror when I have to re do 100's of accounts. Also being the owner of my business, who thought it was a great idea to let people use their business email for a personal account. Talk about double confusion when they leave the company, we delete the address and not they can't reset it. Microsoft needs to work on the basics.. AI,, your guys need to just figure out the intelligence part first.

The problem with this solution is accessing the security info in your account settings requires successful authentication (at least in my environments), which you can't complete if your authenticator isn't working. Someone from your IT department (me) has to require re-registeration of your MFA. As an admin, I've been unable to find a way to help someone recover their Microsoft Authenticator other than clicking the option "Require re-register multifactor authentication" within Entra. Having backups enabled in Microsoft Authenticator doesn't seem to do anything for enterprise accounts. My personal Microsoft Account was recovered, but none of my enterprise or business accounts were. All of those say I need to scan a QR code from my organization to finish recovering those, which is basically the same process as not having backups turned on in the first place.

If you're a 365 admin, you can go here _AAD_IAM/ActiveDirectoryMenuBlade, look up the user, click authentication methods in the left pane (it's also displayed as a center tile for me) then click the Require re-register multifactor authentication option at the top. Now, when the user tries to access their security info at office.com or , instead of being prompted to complete an authentication request, they'll instead be prompted that their organization requires additional setup. Follow the wizard (next, next, etc.), and it will display the QR code.

This did work for me. More a criticism of Microsoft than this solution: Is the ONLY way to get a QR code for Authenticator following a restore really to delete the existing account and re-create it? How is that a "Restore from backup?"

This works and is really simple. No need to delete, I just added a new sign in method and scanned the QR code with my new phone = 8 seconds. Only took 68 minutes of searching everywhere/Google/MS forums etc to find a solution that works. Unsure why MS bury the only useful info. Zero info elsewhere - nothing on the Authenticator app to say how to do this.

Thank you so much. Your solution worked perfectly and so quickly. As a "side note" - this was so unintuitive and circular - I had been going around and around in frustrating circles adding and deleting phone numbers and emails etc... I didn't realise/understand that I needed to delete the Authenticator as a sign-in method...!! And I agree with other commenters that this hardly seemed like a method to "Restore from backup"! It also didn't help that none of the organisations that require me to use the MFA system listed any helpful methods in their "troubleshooting" guides. I can't help but feel that the Microsoft Authenticator is a half-baked system...

Thank you Takudzwa A Vafana, this was indeed helpful and saved me time today, I also try to help where I can on random posts, and so we should all take a little extra time to help, as it is then repaid by good peeps like us :)

I am the admin of my business account, for which I have been locked out of when I updated my phone. (Using my personal account for commenting and following advice and support). I cannot get into any of my office accounts due to Authenicator, as no platform will show a QR code or display a 6 digit code. All platforms want a code to type in, but nothing will give a code.

To provide the additional security verification by scanning a QRcode for my Microsoft work accounts after moving to a new iPhone, I found the following paragraph on a Microsoft Support page helpful. (this advice is for when just recovering your Authenticator account from a backup on your new device is not sufficient to restore full account verification).

It is helpful to be able to approve any required logons to the system that you need to verify on the new device using the Authenticator account approval on your old device. After you're logged on to your account on a computer go to the Additional Security Verification page (link quoted above)

When you get to the Additional Security Verification Page, click on the button to Setup Authenticator App and you will generate a QRcode that will allow you to authenticate your account on your new phone. You can delete accounts on past phone from the same page.

For one account at a university where I'm just a user, trying to follow the Additional Security Verification link didn't work. I was just bounced back to my account profile that I had been able to access using the Authenticator approval on my old device. For that account, and perhaps a simpler way to begin with than the above method. I just clicked on Security Info in the left navigation pane of my account profile. When the Security Info page came up, I just clicked on + Add Sign-in Method. Click through all the steps to pick the Microsoft Authenticator and your verification method (I pick NOTIFY) until you get to the following pop-up dialog:

When you click NEXT, you'll get a QRcode to authenticate your account on your new phone. The problem with all these account setups, AFAIK, is you don't get to name or rename any of the authorizations. I wish Microsoft would fix that. I see now that DSPatrick in his next to last post above mentions + Add Sign-in Method as the solution, too.

There are different instructions for further authenticating personal Microsoft accounts on a new device basically requiring sign-in with your user name and password for the account you wish to verify. If you've already set up two-factor authentication, it's helpful to still have Microsoft Authenticator working for the account on the old device to approve the sign-in on the new device that you're verifying.

I've created a Microsoft Authenticator backup for several Microsoft 365/Azure Work or School accounts, but when recovering to a new device these need additional verification in the form of a QR code. I can't find how to make this QR code as an administrator, and have found no links on Microsoft pages (e.g. Recovery Process) to direct on how to do this.

3a8082e126