Office 365 not prompting for MFA with Security Defaults enabled in Azure AD

Mirza Muqadam Baig 6 Reputation points
2021-11-03T12:54:10.667+00:00

I have experienced that MFA is not being prompted for our users when they access Office 365 applications, e.g. office.com, the Outlook application, etc.
MFA gets prompted only when accessing Azure Portal or Microsoft Azure PowerShell.

We have tried logging in with different users and different IPs as well - it just lets users pass through the applications without requiring MFA.

We have Security Defaults enabled for our tenant.

I have also seen a similar case reported, but Microsoft hasn't responded to that either: https://learn.microsoft.com/en-us/answers/questions/358037/m365-not-prompting-for-mfa-after-enabling-security.html


1 answer

  1. Vasil Michev 95,341 Reputation points MVP
    2021-11-03T13:11:22.977+00:00

    Security defaults does not "enforce" MFA for regular user accounts, so that's the expected behavior. Users will be asked to register their MFA details and complete the MFA challenge when accessing specific resources (generally speaking those considered "sensitive"), but not for all. It's explained in the official documentation: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#protecting-all-users
    If you want to enforce MFA and have matching Office 365 licenses, you can do so via the "old" per-user MFA controls: https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?BrandContextID=O365

    2 people found this answer helpful.
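
One way to confirm the behaviour described in this thread is to group exported sign-in log records by application and by whether MFA was required. This is an added example, not part of the original question or answer; the records are constructed, and the field names (`appDisplayName`, `authenticationRequirement`, `status.errorCode`) are assumed to match the Microsoft Graph signIn resource in your export.

```python
import json
from collections import defaultdict

# Constructed sample records (not real tenant data). Field names are assumed
# to follow the Microsoft Graph signIn resource in a JSON sign-in log export.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@example.com", "appDisplayName": "Office 365 Exchange Online",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "alice@example.com", "appDisplayName": "Azure Portal",
  "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "appDisplayName": "OfficeHome",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "appDisplayName": "Microsoft Azure PowerShell",
  "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "appDisplayName": "OfficeHome",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "appDisplayName": "Azure Portal",
  "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 50074}}
]""")

def _successful(signins):
    """Yield only sign-ins that completed (errorCode 0); skip failed or interrupted ones."""
    return (r for r in signins if r.get("status", {}).get("errorCode") == 0)

def mfa_coverage(signins):
    """Per application, count successful sign-ins that did or did not require MFA."""
    stats = defaultdict(lambda: {"mfa": 0, "single": 0})
    for rec in _successful(signins):
        required = rec.get("authenticationRequirement") == "multiFactorAuthentication"
        stats[rec.get("appDisplayName", "unknown")]["mfa" if required else "single"] += 1
    return dict(stats)

def apps_without_mfa(signins):
    """Applications with at least one successful single-factor sign-in."""
    return sorted(app for app, c in mfa_coverage(signins).items() if c["single"] > 0)

def users_never_challenged(signins):
    """Users whose successful sign-ins never required MFA for any application."""
    challenged = defaultdict(bool)
    for rec in _successful(signins):
        user = rec.get("userPrincipalName", "unknown")
        challenged[user] |= rec.get("authenticationRequirement") == "multiFactorAuthentication"
    return sorted(u for u, seen in challenged.items() if not seen)

if __name__ == "__main__":
    for app, counts in sorted(mfa_coverage(SAMPLE_SIGNINS).items()):
        print(f"{app:32} mfa={counts['mfa']} single-factor={counts['single']}")
    print("never challenged:", users_never_challenged(SAMPLE_SIGNINS))
```

Run against a real export, the per-application split shows which resources Security Defaults is challenging and which users have never completed an MFA sign-in.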