While trying to register for Azure Multi-Factor Authentication on your mobile phone, we might see a common error We couldn’t add the account. Please verify that the activation code is correct and push notifications are enabled on your device for this app.
In your organization if Azure MFA (Multi-factor authentication) is enabled (either through Security Defaults or Conditional Access policy), and when first time you login to Azure Portal, you will be prompted with message
More information required
Your organization needs more information to keep your account secure
On next page, you will see Keep your account secure and will ask you to configure the Microsoft Authenticator.
On Set up your account page, you will get message add an account, and select “Work or school”, click Next.
Next page will bring up Scan the QR Code page, at this time you need to launch Microsoft Authenticator on your mobile phone, and have to Add account with Work or school account and will be prompted with:
Scan a QR code
Going with Scan a QR code, and when you try to scan it using your camera, you might see error:
Unable to add the account
We couldn’t add the account. Please verify that the activation code is correct and push notifications are enabled on your device for this app.
There could be multiple reasons which could prevent adding the account, few of them which I am aware of and sharing here (though there could be more than that):
The user might be under Blocked users list under MFA settings.
Navigate to Azure Active Directory > Security > MFA > Block/unblock users. Unblock the user which will resolve the issue.
It make sense to block the MFA in case users mobile phone has lost and they have called service desk and informed the same. This is going to be one of the steps performed by engineer to block any kind of login attempt using MFA.
This reason is related to your mobile phone settings. Here I am specifically talking about Android device (Samsung device) where battery optimization is turned on.
The easiest option would be to launch Microsoft Authenticator, click on vertical 3 dots on top right position and select Turn off battery optimization which show you message
Stop optimizing battery usage?
Authenticator will be able to run in the background. Its battery usage won’t be restricted.
Click on Allow
Relaunch the Microsoft Authenticator, you will see Battery optimization option has gone now.
Battery optimization setting is available under following location (on Samsung phone), this setting may vary depending upon any other phone:
Apps > Special access > Optimise battery usage
As you can see Authenticator is in off state.
Notifications would have been turned off in your mobile settings, make sure to enable.
Once you are able to identify and resolve the issue, you will get message Account Added successfully