This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 67%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hello there,
We have a CA policy created to enforce MFA for the risky users in AAD. The policy is getting applied on one of the user accounts and prompts for the MFA however when we check we don't find that user in the risky user report in AAD.
We have already checked what if for the CA policy and the sign in logs. The sign in logs show that MFA was prompted because the user was flagged risky. We want to know how the CA policy is getting applied when the user is not found in risky users list.
Any help would be appreciated.
Is this a guest user? They dont show up in the Risky User List.
Is there also a Risky Sign in policy?
Thanks for the response. Its not a guest account. Its an internal user account. There is no risky sign in or risky user polices. Just the CA to enforce MFA if the user is risky with any level.
Ok, thats what I meant, you are using a CA policy or Identity Protection
Are you licensed with a P2? Do you see other accounts listed?
