I've been receiving numerous reports about unexpected multi-factor authentication (MFA) requests coming from Entra over the last 24 hours. These notifications are alarming, especially since they're being reported by several senior admins. Interestingly, the sign-in logs don't show any sign-in failures, but I've noticed these requests listed in the Behavior Analytics table after some delay. Furthermore, there's nothing unusual in the IP addresses within the users' Audit Logs. Given the volume of reports and the variety of individuals affected, I suspect this might be an issue on Microsoft's end. I've filed a ticket with them, but I wanted to gather some insights from the community too.
2 Answers
I've seen a couple of posts about this too. It looks like a widespread issue! Here's a couple of links to discussions:
- https://www.reddit.com/r/sysadmin/comments/1l8s6qx/unsolicited_microsoft_mfa_messages/
- https://www.reddit.com/r/sysadmin/comments/1l8ug6p/phishing_microsoft_mfa_text_codes/
Yep, it was a rough morning when I woke up to those texts. Definitely caught me off guard!
Same here! I’ve been investigating since 4 AM PST. I think I need a break from this!