1. Log into the Defender domain controller: This would be the 1st DC listed in Defender Security Server (DSS).
2. Make sure the DC's are listed in the same order in all the DSS servers.
3. Program new Defender token for the user object.
4. Confirm that the activation file is displays the serial number. Send user the token file.
5. Before installing the new soft token confirm IOS defender app version is up to date.
6. Remove any existing tokens from Defender app on the phone.
7. Import new Soft token sent by the Defender admin.
8. Test authentication
9. May fail if the time between the server and phone device is off, if it does, re-generate the token using the OATH compliant option, and go through the above steps again.
If the above steps do not resolve the issue then a review of the Defender Console logs would need to be performed.