Microsoft Authenticator App Fails to Authorize Device in Shared Device Mode

Publish Date: 15-Apr-2025 Last Modified Date: 27-Aug-2025 SOTI MobiControl

Summary

This article covers a Shared Device Mode issue where the Microsoft Authenticator App fails to authorize the device, caused by conflicts with the Company Portal app, and outlines resolution steps.

Related SOTI ONE Platform Products

SOTI MobiControl

Related Device OS

Android Enterprise

Issue Description

Devices enrolled in Shared Device mode are unable to complete authorization using the Microsoft Authenticator app. The issue occurs when both the Company Portal app and the Authenticator app are present on the device, causing conflicts that prevent proper authentication and Shared Device mode status detection.
In some environments, devices appear to lose their Shared Device registration shortly after initial use. While setup completes successfully and operators can log in and perform tasks, subsequent login attempts consistently fail. The device reports that it is no longer registered as a Microsoft Shared Device, and the Microsoft Authenticator app may display a message indicating that authentication has expired. This behavior can occur minutes after logout, suggesting that the Shared Device mode state is not persisting as expected.

Environment

SOTI MobiControl 2024.1.1

Symptoms

  • Login failures after initial successful setup and usage

  • Device no longer recognized as a Shared Device

  • Microsoft Authenticator displays “Authentication Expired”

  • Microsoft apps prompt for login unexpectedly or fail to launch

  • Issue occurs even minutes after logout

[Screenshot: Microsoft Authenticator error, "Setup Shared Device Mode Failed"]

Cause

The issue is caused by conflicts between multiple Single Sign-On (SSO) broker apps installed on the same device. Shared Device mode requires a single broker to manage authentication. When both the Microsoft Authenticator and Company Portal apps are present, they may compete for token handling, which can invalidate the Shared Device registration and disrupt session continuity.

Issue Resolution

Method 1: Without Device Reset

  1. Move the affected device from the Shared Device group to a clean device group.
  2. Remove all Microsoft apps from the device, including the Company Portal app.
  3. Use the legacy script "Clear Apps", which removes all apps except system apps.
  4. Ensure the Shared Device Group has only one broker app associated: the Microsoft Authenticator App. There should be no Company Portal assigned.
  5. Move the device back to the Shared Device group.
  6. Launch the Microsoft Authenticator app on the device and verify that it shows Shared Device mode status.

Alternative: Full Device Reset

If the steps above are not possible or don’t resolve the issue:
  1. Reset the device.
  2. Re-enroll the device into Shared Device mode using only the Microsoft Authenticator app.
  3. Assign the required Microsoft apps after enrollment.
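
To confirm on the device that only one broker app remains after either procedure, the following added example (not SOTI or Microsoft code) classifies the output of `adb shell pm list packages`. It assumes adb access to the device and the Play Store package IDs `com.azure.authenticator` and `com.microsoft.windowsintune.companyportal`; the helper name `broker_status` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect more than one SSO broker app on an Android device.
# Package IDs below are the Play Store identifiers of the two apps the
# article names (an assumption of this example, not taken from the article).
AUTHENTICATOR_PKG="com.azure.authenticator"
COMPANY_PORTAL_PKG="com.microsoft.windowsintune.companyportal"

# broker_status (hypothetical helper) reads `pm list packages` output on
# stdin and prints: ok | conflict | portal-only | no-broker
broker_status() {
    # adb may emit CRLF line endings; strip them and the "package:" prefix.
    pkgs=$(tr -d '\r' | sed 's/^package://')
    has_auth=no
    has_portal=no
    # -F literal, -x whole line: "com.azure.authenticator.x" must not match.
    if printf '%s\n' "$pkgs" | grep -Fxq "$AUTHENTICATOR_PKG"; then has_auth=yes; fi
    if printf '%s\n' "$pkgs" | grep -Fxq "$COMPANY_PORTAL_PKG"; then has_portal=yes; fi
    case "$has_auth/$has_portal" in
        yes/no)  echo "ok" ;;           # single broker: Authenticator only
        yes/yes) echo "conflict" ;;     # both brokers present (the article's cause)
        no/yes)  echo "portal-only" ;;  # wrong broker for this setup
        *)       echo "no-broker" ;;    # Authenticator not installed yet
    esac
}

# Constructed sample input (not captured from a real device).
SAMPLE_CONFLICT='package:com.android.settings
package:com.azure.authenticator
package:com.microsoft.windowsintune.companyportal
package:com.microsoft.teams'

# Demo on the constructed sample. For a real device:
#   adb shell pm list packages | broker_status
printf 'sample device: %s\n' "$(printf '%s\n' "$SAMPLE_CONFLICT" | broker_status)"
```

A result of `ok` matches the state step 4 of Method 1 aims for; `conflict` means the Company Portal app is still installed alongside the Authenticator app.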
