This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 0%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERN%3C/text%3E%3C/svg%3E)
We initially enabled Azure MFA but then disabled it due to issues.
We have one user on our Office 365 account who is still prompted for the “more information required” page when logging in. The ultimate error is “An error occurred. No valid strong authentication method found. Contact your administrator to configure and enable appropriate strong authentication provider.”
MFA is disabled for the user and disabled for the tenant (Enable security defaults is set to No).
The Event log on the ADFS server is Event 364, AD FS –
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
urn:federation:MicrosoftOnline
Exception details:
Microsoft.IdentityServer.Web.NoValidStrongAuthenticationMethodException: No strong authentication method found for the request from urn:federation:MicrosoftOnline.
at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
The problem user account doesn’t appear to be any different from others that don’t have any issues logging in.
Does anyone any ideas where I look to resolve this?
Thanks
Russell
Hi @northport,
Looking at the error, there seems to be some Access Control Policy applied to Microsoft Office 365 Relying party that requires MFA to be performed and since MFA is disabled, authentication is failing at second factor.
On ADFS, global authentication method can also be configured to require MFA but as one user is getting this error I am suspecting it is not configured at global level but by specific Access Control Policy on the O365 RP.
Please check the access control policies on the O365 Relying party on ADFS Server and remove any policy that requires MFA to be performed. For more details on access control policies in ADFS, please refer to https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-in-ad-fs.
-----------------------------------------------------------------------------------------------------------
Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.
Hi
Thanks for the reply.
I've checked the Relying Party Trusts and the attached Access control policy. The only policy In Use is the "Permit Everyone" policy.
The Relying Party Trusts has what I believe would be the standard Office 365 configuration.
Is there something more specific i could check to see why this one user isn't working?
Thanks again
Russell
Hello @Russel ,
Looks like you have set Security defaults to apply to your Azure AD and can be disabled as below:
Azure Active Directory > Properties> Manage security defaults at the bottom of the page >set Enable security defaults to No
Please mark as "Accept the answer" if the above steps helps you. Others with similar issues can also follow the solution as per your suggestion
Regards,
Manu
Hi
Thanks for the reply.
As mentioned in my original post, I already have this set to no.
"MFA is disabled for the user and disabled for the tenant (Enable security defaults is set to No)"
Thanks
Russell
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 15%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELA%3C/text%3E%3C/svg%3E)
Hi Russell,
Out of curiosity, have you checked via powershell (as administrator) for additional authentication rules:
$ThisRPT="{Your RPT}"
(Get-AdfsRelyingPartyTrust -Name $ThisRPT).AdditionalAuthenticationRules
Using an Access Control Policy should mean that there are no Additional Authentication Rules, but best to be sure as these do not show in the ADFS gui screens.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 40%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Were you ever able to resolve this issue? After configuring AzureMFA, it worked for a while but it somehow broke and getting the same error.
Relying party: Microsoft Office 365 Identity Platform
Error details: No strong authentication method found for the request from urn:federation:MicrosoftOnline.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 65%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIM%3C/text%3E%3C/svg%3E)
We have the same issue.
Any update?