Why? An MFA challenge needs to be processed correctly.
Steps to resolve:
- If the error snippet includes `00000002-0000-0ff1-ce00-000000000000`, the Huntress Azure App did not receive Exchange authorization. Currently, the simplest solution is to reauthorize the integration, preferably using a browser without adblocking or, if that is unavailable, an incognito window.
- Verify that the HuntressAdmin@domain.tld account that was set up in the Upstream Partner Tenant to authorize the Huntress Azure App uses only Microsoft MFA and is not subject to any other Conditional Access Policies.
- Downstream Client Tenants may have a Conditional Access Policy that is blocking access; this can be verified via the Azure Sign-in Logs. Verify that each downstream client tenant's Conditional Access Policies exclude the Service Provider Users of the Upstream Partner Tenant (by tenant ID).
Other possible solutions when using Per-User MFA:
Please consider migrating to Conditional Access; it is far safer (Microsoft).
- Ensure that no trusted locations (IP address ranges) are set, at least for the original Huntress app authorization.
- Ensure the `Remember multi-factor` setting is off (Microsoft).
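To check the Sign-in Logs mentioned above without clicking through the portal, the following Microsoft Graph PowerShell script is an added example (it is not part of the Huntress article). It assumes the Microsoft Graph PowerShell SDK is installed, that you can consent to the `AuditLog.Read.All` and `Directory.Read.All` scopes in the tenant whose policy you suspect, and that `HuntressAdmin@domain.tld` is replaced with the real authorizing account.

```powershell
# Added example, not from the Huntress article.
# Lists recent sign-ins by the authorizing account against Exchange Online
# that Conditional Access did not let through, and names the failing policies.
$Upn = 'HuntressAdmin@domain.tld'   # placeholder from the article; replace it
# Exchange Online resource ID, as quoted in the error snippet in the article
$ExchangeResourceId = '00000002-0000-0ff1-ce00-000000000000'

Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All'

# Filter on the user server-side; inspect the rest of the record client-side.
$signIns = Get-MgAuditLogSignIn -Filter "userPrincipalName eq '$Upn'" -Top 200

foreach ($s in $signIns) {
    # Keep only attempts against Exchange Online where CA reported a failure.
    if ($s.ResourceId -ne $ExchangeResourceId) { continue }
    if ($s.ConditionalAccessStatus -ne 'failure') { continue }

    # Policies whose result was 'failure' are the ones blocking the app.
    $failedPolicies = $s.AppliedConditionalAccessPolicies |
        Where-Object { $_.Result -eq 'failure' } |
        ForEach-Object { $_.DisplayName }

    [PSCustomObject]@{
        Time           = $s.CreatedDateTime
        App            = $s.AppDisplayName
        IpAddress      = $s.IpAddress
        ErrorCode      = $s.Status.ErrorCode
        FailedPolicies = ($failedPolicies -join '; ')
    }
}
```

If the output is empty but authorization still fails, run the same script in the other tenant (upstream vs. downstream), since the blocking policy lives wherever the sign-in was evaluated.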