A cloud-based identity and access management service for securing user authentication and resource access
Entra MFA - Multiple Issues
at_work
0
Reputation points
- SMS must be enabled as an authentication method for new user initial login and authenticator setup.
- If SMS is disabled, the user gets a prompt to contact admin, and that they are blocked from signing in (this is despite there being multiple other auth methods enabled)
- This was after using TAP for initial sign-in (I want to sunset passwords)
- Accounts excluded from MFA CA are still prompted or required to set up MFA, even disabled legacy authentication methods.
- Fido2 keys not available as an MFA method despite being explicitly enabled in auth method policies.
- I had to use a TAP in order to set up a YubiKey usb fido2 key with my Break Glass Account.
- My tenant is a legacy tenant -- is this the reason why my Entra auth policies don't work?
- How do I make my tenant passwordless for all users? Or all users who are not Service Accounts, Break Glass Accounts, and Administrators?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Sign in to answer