This is going to be a bit of a gripe post, but there might be some useful stuff in it. Or not. But it’s one of those things where writing it up might help me feel better about it, and might also come in handy later if someone has a similar problem. (Or if I have the same problem again and can’t remember some details.)
So this all started, I think, after I spent some time messing around with the new iOS 15 focus modes. I’d played around with them a bit when iOS 15 first came out, but something made me decide to mess around with them some more. To make a long story short, I tried out the “sleep” focus mode for a day or two, then decided that it wasn’t for me and went back to just using the “do not disturb” mode, scheduled to turn on at 10 PM and off at 5 AM every day.
After that, some of my notifications stopped working. I’m not sure that messing with focus is what broke notifications, but I’ve read up on the issue a bit, and it seems like that’s the most likely culprit. It seems like there’s a bug in iOS 15.2 that messes up notifications in some cases, often after you’ve messed with the focus setup. I’m pretty sure these were all notifications that would fall under the “push” category. So I wasn’t getting notifications on new emails from my Fastmail app, which was annoying but not a big deal. But I also wasn’t getting notifications on MS Authenticator, which is kind of a big problem for me.
I have more than a dozen accounts set up in MS Authenticator, mostly for CSP-related accounts. They all require MFA, so when I log into one of those accounts, it sends a push notification to my phone that I need to approve. And that wasn’t working. There’s a fallback, where I can get a six-digit code from the app and type that into the web browser. That’s what I’d been doing for a few days, but I really wanted to fix that.
I’d seen some advice online about fixing the notification issue by removing any app that wasn’t working, and reinstalling it. That worked for the Fastmail app, so I thought I’d try it for the Authenticator app too. Now, the Authenticator app has an option to back up its configuration to iCloud. And I had that turned on, so I thought I would safely be able to pull it back in after reinstalling the app. Well, it turns out that it’s not that simple. I did manage to pull in the backup, but for most accounts, you have to go back and redo the setup on the account anyway. You’re just pulling in a placeholder from iCloud. That was a pain, but not a huge problem, for accounts where I had my cell phone number set up as a backup. But for some of the oldest accounts, I either don’t have a backup, or I have my work desk phone set as the backup. And I’m working from home and don’t have a way to get to my desk phone. So that’s a problem.
Tomorrow, I’m going to try to find someone else with admin rights who can go into Azure AD and set my cell phone # as my backup auth method so I can finish the setup on these accounts. I’m a little worried that I may have to bug someone at a fairly high level to do this, which could be a little embarrassing. But hey, we all screw up now and then. And this is more Apple and Microsoft’s fault than mine. (Apple’s fault for screwing up notifications in iOS 15.2, and Microsoft’s for not making it clear that the MS Authenticator iCloud backup isn’t really much of a backup.)
So the lesson here is that, before wiping out MS Authenticator, go into all of your accounts and make sure you have a good phone # and/or email address set under your backup authentication methods.
Once this is all straightened out, I need to write up a good procedure for transferring my MS Authenticator setup from one phone to another. My current iPhone just hit its three-year anniversary, so it’s time for me to start thinking about a new one. Setting up a new iPhone generally isn’t that hard these days, since you can just restore from an iCloud backup and most of your stuff will work. But there’s always some odd bits, like MS Authenticator, that trip you up. Even with all of my accounts set up correctly with backup auth methods, it’ll still take me an hour to get them all done. For each one, I basically need to open a new private browsing window, log in (using the SMS message backup option), then go to my account profile, delete the old MS Auth setup, add a new one, scan the QR code, wait for it to send a test push notification, approve that, and then finish the setup. That can take five minutes per account. I’m wondering if there’s a better way to handle this. Probably not. Most people don’t have Azure AD accounts in a dozen different domains, all requiring MFA, so my situation is not exactly a common use case that MS would have designed for.