This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 96%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
I have configured two sugn-up-sign-in custom policies in Azure AD B2C, one with MFA enabled, and one with MFA disabled.
And I want to login without MFA, but for some kind of requests to backend I need to acquireToken with calling MFA. I found topics that describes that in this case I should acquireToken with custom policy configured with MFA, so when I do this I have redirected to page with phone verification and after successful code entry there is a new user session created, so I have two different sessions for one user.
How should I corretly configure my custom policies to work with same session? Is it possible?
Hi @Mikhail Baluev • Thank you for reaching out.
To make it work with the same session, I would suggest you use the same custom policy rather than using two different signup/sign-in policies and update the pre-condition in the user journey to determine whether to trigger MFA or not in the given scenario.
In this thread, I have provided details on triggering MFA only when it is not already done at the federated Azure AD tenant. You can follow a similar approach and define a precondition to trigger or skip MFA.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 56.00000000000001%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWG%3C/text%3E%3C/svg%3E)
Hello @AmanpreetSingh-MSFT ,
I hope you are doing well! I'm totally new to custom policies and I read your answer and it gives me insights to do what we are trying to achieve.
I have an MFA Sign In policy with phone or email and it works fine, however we have a special preference to add: The mfa policy should be disabled by default and a user can enable/ disable it from our UI. I see you said : "update the pre-condition in the user journey to determine whether to trigger MFA or not in the given scenario."
I'm a bit confused and I want to know how to set the mfa to false by default and how to update it to true as a claim when the user set it in the UI?
Would you please give me an example?
In case you want to have a look on the custom policy: netronicjpi.onmicrosoft.com-B2C_1A_DEMO_SIGNUP_SIGNIN_PHONEOREMAILMFA.xml
Your help is much much appreciated!