How can I actually exclude users from requiring Authenticator?

Josh Steadman 0 Reputation points
2024-11-15T19:34:30.96+00:00

We initially had Authenticator on for all users as a policy. I've since revised the policy to target a specific group, and exclude another group. And all users are still being prompted, regardless of which group they are in. How do I fix this?

[Screenshot: INCLUDE]

[Screenshot: EXCLUDE]

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Authenticator

2 answers

  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2024-11-15T20:09:48.8633333+00:00

    Check what you have set for the registration campaign under that same menu



  2. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2024-11-19T03:40:46.7066667+00:00

    @Josh Steadman

    Thank you for posting this in Microsoft Q&A.

    As I understand, initially you had a policy configured in Azure for MFA using the Authenticator app for all users in your tenant. Later you revised the policy and allowed MFA for only a few groups and excluded MFA for a few groups. Even after these changes, all users are still getting prompted for MFA.

    To fix this issue, first you will have to check who is triggering MFA. You can access any one user who is excluded for MFA and still prompted for MFA and check their sign-in logs. Check who is triggering MFA.

    In the sign-in logs you can check which feature is triggering MFA. If a Conditional Access policy is triggering MFA, then these logs will also show which policy is triggering MFA.

    You can check the same policy and make necessary changes.

    There is also a feature known as registration campaign in Azure. But with this feature, users will only be prompted for MFA registration.

    The purpose of Microsoft launching the registration campaign is to help organization users move away from SMS and voice authentication.

    With this registration campaign, users in your organization who are relying on SMS and voice for MFA will be prompted to use the Microsoft Authenticator app.

    This means this program will get applied to only those users who are using the SMS and voice methods for MFA.

    Users will still be prompted for MFA depending on what authentication method you have assigned to them for registration or what method they used during MFA registration initially.

    You can check the article below to know more about the registration campaign:

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-registration-campaign#enable-the-registration-campaign-policy-using-the-microsoft-entra-admin-center

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
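
Added example, not part of either answer above and not Microsoft's code: the sign-in log check described in the second answer, run over exported sign-in records to show which Conditional Access policy enforced MFA for an excluded user. The sample records, user names and policy names are constructed; field names follow the Microsoft Graph `signIn` resource, and the presence of `authenticationRequirement` and the `"Mfa"` control value in the export are assumptions.

```python
import json

NO_CA = "(MFA required, no Conditional Access policy enforced it)"

# Constructed sample. Field names follow the Microsoft Graph signIn resource;
# the presence of "authenticationRequirement" in the export is an assumption.
SAMPLE = json.loads("""[
 {"userPrincipalName": "excluded.user@contoso.example",
  "authenticationRequirement": "multiFactorAuthentication",
  "appliedConditionalAccessPolicies": [
   {"displayName": "Authenticator - pilot group", "result": "notApplied",
    "enforcedGrantControls": ["Mfa"]},
   {"displayName": "Old policy - MFA for all users", "result": "success",
    "enforcedGrantControls": ["Mfa"]}]},
 {"userPrincipalName": "excluded.user@contoso.example",
  "authenticationRequirement": "multiFactorAuthentication",
  "appliedConditionalAccessPolicies": []},
 {"userPrincipalName": "excluded.user@contoso.example",
  "authenticationRequirement": "singleFactorAuthentication",
  "appliedConditionalAccessPolicies": []},
 {"userPrincipalName": "pilot.user@contoso.example",
  "authenticationRequirement": "multiFactorAuthentication",
  "appliedConditionalAccessPolicies": [
   {"displayName": "Authenticator - pilot group", "result": "success",
    "enforcedGrantControls": ["Mfa"]}]}
]""")

def mfa_sources(sign_ins, upn):
    """Count, per source, the sign-ins of `upn` on which MFA was required."""
    counts = {}
    for rec in sign_ins:
        if rec.get("userPrincipalName", "").lower() != upn.lower():
            continue
        # Policies that actually applied to this sign-in and demanded MFA.
        enforcing = [p["displayName"]
                     for p in rec.get("appliedConditionalAccessPolicies") or []
                     if p.get("result") in ("success", "failure")
                     and "mfa" in (g.lower() for g in p.get("enforcedGrantControls") or [])]
        if not enforcing and rec.get("authenticationRequirement") == "multiFactorAuthentication":
            enforcing = [NO_CA]  # look outside Conditional Access for the trigger
        for name in enforcing:
            counts[name] = counts.get(name, 0) + 1
    return counts

if __name__ == "__main__":
    for source, n in mfa_sources(SAMPLE, "excluded.user@contoso.example").items():
        print(f"{n:3d}  {source}")
```

A policy listed with result `notApplied` did not match the sign-in, so only policies with result `success` or `failure` are counted as the source of the prompt.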

