If users in an organization aren't receiving multi-factor authentication (MFA) code emails from msonlineservicesteam@microsoftonline.com, it's likely due to email delivery issues such as spam filtering, blocking, or other email security settings.
Here’s what a user should tell their IT department to check and do:
Suggested Message to IT Department:
We're not receiving MFA code emails from Microsoft, specifically from this address: msonlineservicesteam@microsoftonline.com.
Can you please:
- Check spam/junk filters and quarantine: Ensure the emails aren't being flagged or quarantined by our spam filters or email security tools.
- Whitelist the sender/domain:
- Whitelist msonlineservicesteam@microsoftonline.com
- Also consider whitelisting @microsoftonline.com or *.microsoftonline.com if allowed by policy.
- Check any third-party email security services we use (like Mimecast, Proofpoint, Barracuda, etc.) to make sure they're not blocking or delaying these messages.
- Check mail flow/transport rules in Exchange Admin Center or Microsoft 365 Defender (if applicable) for any rules that could affect these emails.
- Monitor email logs to see if these emails are being received, deferred, or rejected.
These are critical for ACGME platform authentication, so resolving this is urgent.
Common Firewall and Proxy Configuration Issue
A frequent cause of authentication failures is firewall rules blocking the *.b2clogin.com domain. This endpoint is often overlooked during network configuration, but it is essential for proper functionality.
If your environment uses a corporate proxy, ensure that SSL inspection is disabled for these endpoints. The Microsoft Authentication Library (MSAL) uses certificate pinning, which can fail if SSL traffic is intercepted or modified, leading to authentication errors.