Resolution for Microsoft Authenticator Prompts Following Duo Update

duo microsoft update authenticator

On Tuesday, April 28, 2026, CIT updated to a more secure version of Duo multi-factor authentication (MFA) for Microsoft applications. While this improves security, some users are encountering prompts asking them to set up Microsoft Authenticator or add a phone number. This guide explains how to bypass these prompts and remove these methods if you have already added them.

In reference to CIT Service Alert: Performance Issue: Microsoft products prompting to use MS Authenticator instead of Duo

Important: Sign-In Requirements

To remain compliant with security protocols and ensure your sign-in process remains streamlined:

Do NOT download Microsoft Authenticator: Duo remains the primary and required MFA tool.
Do NOT add your phone number: Text or call authentication is not permitted unless you have an approved exception.
How to Sign In Correctly: If prompted for Authenticator, choose "Set up a different way to sign in" and select "Use (External MFA) external authenticator app" to be redirected back to Duo.

Note: If you have already added a phone number or Microsoft Authenticator to your account, please follow the steps below to remove them from your Microsoft account and your mobile device.

Step 1. Remove Methods from Your Microsoft Account

Navigate to the Microsoft Security portal: mysignins.microsoft.com/security-info.
Sign in with your NetID and password. (Select "Use (External MFA)" to use Duo).
On the Security info page, look for Microsoft Authenticator or Phone.
Click Delete next to these entries and confirm.

Step 2. Remove Accounts from Microsoft Authenticator App

To remove a specific account from the app on your phone:

Open the Authenticator app and select the account you want to remove.
Tap the Settings (gear icon).
Tap Remove account.
For more details, visit: Microsoft Support: How to sign out from Authenticator.

Warning: After removing the account, you will not be able to use that device to verify sign-ins for that specific account.

Step 3. Completely Undo Enrollment (App Reset)

If you want to completely wipe all accounts and enrollment data from the app, follow these OS-specific steps:

On Android:

Open Settings → Apps → Authenticator (Blue Shield Icon).
Tap Storage.
Tap Clear data → OK.

On iPhone:

Open Settings → General → iPhone Storage.
Select Authenticator.
Tap Offload App.

Note: This wipes all accounts from the app. There is no undo.

Step 4. Verify Duo as Default Sign-In

Ensure Default sign-in method at Security info is set to App-based token or hardware token (Duo).

**Tip: Check "Stay signed in" to reduce future prompts, but ONLY on personal, private devices. Never check this on public or shared computers.

If you experience issues, please contact ILR Tech Services at 607-255-5484.

We can also set up a Bomgar remote support session to walk you through these steps.

Was this helpful?

0 reviews

Print Article

Updating...