14 day grace period isn't working for Identity Protection

Blakey, Gregory 46 Reputation points
2021-02-11T14:34:12.817+00:00

After purchasing Azure Premium P2 licenses to gain access to the Identity Protection features, we are unable to get the user experience to have the 14-day MFA registration grace period. I've cleared my MFA information and placed myself into the conditional access group and Identity Protection target groups. Upon next sign-in, I'm prompted to provide additional information. However, I am forced to do it on the first sign-in. The documentation found here (https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-user-experience#multi-factor-authentication-registration) says that the users will be given 14 days to register, during which they can bypass the prompt. Is this feature no longer supported?

My test user is already in the appropriate conditional access group and I've set up the MFA registration requirement for the same user in Identity Protection. Am I not being given the 14-day grace period because the user is already in the conditional access group?

Microsoft Entra

Accepted answer
    Marilee Turscak-MSFT 34,036 Reputation points Microsoft Employee
    2021-02-16T22:08:44.093+00:00

    Hi @Blakey, Gregory ,

    There are two reasons why the 14-day grace period might be skipped.

    1. There is a Conditional Access policy enforcing Multi-Factor Authentication - This seems like it might be the case for you, since you mentioned that the user is in a Conditional Access group. If a Conditional Access policy requires MFA then the user must be able to pass that MFA request. So if a user is not registered but an MFA policy is enforced, then the user will be required to register and complete the MFA. The conditional access policies trump the grace period in that case, which is good for users who may not want a grace period to begin with.
    2. The other reason could be that the users have already gone past the grace period. After an admin has enabled security defaults, the 14-day grace period starts after the user has first completed a sign-in.

    In your case it seems like this is due to that Conditional Access group, as you pointed out.


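As an added example, not code from the thread or from Microsoft's documentation: the Microsoft Graph PowerShell script below checks the first cause in the accepted answer, i.e. whether any enabled Conditional Access policy both requires MFA and scopes in the test user (directly, via "All users", or via one of the user's transitive groups, minus exclusions), and then reads the user's most recent sign-in record to confirm which policies actually fired. The UPN is a placeholder, and the script assumes the Microsoft.Graph PowerShell SDK is installed and the caller can consent to the listed Graph permissions.

```powershell
# Added example (not from the original thread or Microsoft docs).
# Assumptions: Microsoft.Graph PowerShell SDK installed; caller can consent to
# Policy.Read.All, Directory.Read.All and AuditLog.Read.All; $Upn is a placeholder.

$Upn = 'testuser@contoso.example'   # placeholder: the account that is not getting the grace period

Connect-MgGraph -Scopes 'Policy.Read.All','Directory.Read.All','AuditLog.Read.All'

$user = Get-MgUser -UserId $Upn
# CA evaluates nested group membership, so use the transitive membership.
$groupIds = @((Get-MgUserTransitiveMemberOf -UserId $user.Id -All).Id)

function Test-UserInScope {
    param($Policy, [string]$UserId, [string[]]$GroupIds)
    $u = $Policy.Conditions.Users
    # Exclusions win over inclusions in CA evaluation, so check them first.
    if ($u.ExcludeUsers -contains $UserId) { return $false }
    if (@($u.ExcludeGroups | Where-Object { $GroupIds -contains $_ }).Count -gt 0) { return $false }
    if ($u.IncludeUsers -contains 'All') { return $true }
    if ($u.IncludeUsers -contains $UserId) { return $true }
    if (@($u.IncludeGroups | Where-Object { $GroupIds -contains $_ }).Count -gt 0) { return $true }
    return $false   # role-based scoping (IncludeRoles) is not evaluated here
}

function Test-RequiresMfa {
    param($Policy)
    $g = $Policy.GrantControls
    if ($null -eq $g) { return $false }   # session-control-only policy
    # The built-in "mfa" control, or an authentication strength (which always
    # demands a registered MFA-class method), both force registration at first sign-in.
    return ($g.BuiltInControls -contains 'mfa') -or ($null -ne $g.AuthenticationStrength.Id)
}

$hits = foreach ($p in (Get-MgIdentityConditionalAccessPolicy -All)) {
    if ($p.State -ne 'enabled') { continue }             # report-only policies do not prompt
    if (-not (Test-RequiresMfa $p)) { continue }
    if (-not (Test-UserInScope $p $user.Id $groupIds)) { continue }
    [pscustomobject]@{
        Policy   = $p.DisplayName
        Id       = $p.Id
        Apps     = ($p.Conditions.Applications.IncludeApplications -join ',')
        Operator = $p.GrantControls.Operator
        Controls = ($p.GrantControls.BuiltInControls -join ',')
    }
}

if ($hits) {
    "Enabled CA policies that require MFA and include $Upn (user/group scoping only;"
    "app, platform, location and risk conditions are not evaluated by this script):"
    $hits | Format-Table -AutoSize
} else {
    "No enabled MFA-requiring CA policy includes $Upn by user or group."
}

# Ground truth: which policies actually applied on the latest sign-in, and with what result.
$last = Get-MgAuditLogSignIn -Filter "userPrincipalName eq '$Upn'" -Top 1
"Latest sign-in at $($last.CreatedDateTime): $($last.AppDisplayName)"
$last.AppliedConditionalAccessPolicies |
    Select-Object DisplayName, Result, @{ n = 'Grant'; e = { $_.EnforcedGrantControls -join ',' } } |
    Format-Table -AutoSize
```

If the first list is non-empty, the sign-in record will normally show one of those policies with Result "success" and "mfa" (or an authentication strength) under Grant, which is exactly the case the answer describes: the policy forces registration and the Identity Protection grace period never gets a chance to apply. The script deliberately stops at user and group scoping; a policy that targets only certain apps or locations may still not fire for a given sign-in, which is why the second half reads the applied policies from the log rather than trusting the static evaluation alone.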