Hi @Claoud Carlos Alberto Sandoval Delgado ,
If I understand your issue correctly, it seems that users are being prompted for MFA even though they are excluded from the Conditional Access policy requiring MFA.
There are several variables that can cause this to happen:
1) You might have an MFA Registration policy configured in Azure AD Identity Protection. If this is the case, users need to be excluded from the MFA registration policy in order to avoid the prompts.
2) If MFA is configured as enabled, but not enforced for the user, the user may still see the prompt.
3) If you recently changed a conditional access policy, it may take a day for the changes to apply.
4) Make sure that security defaults are disabled.
5) If you look at the "Log-in" logs in Azure AD, you should get more clues around why those accounts are prompted.
Additional resources:
A user is excluded in conditional access policy but it is still applied
That said, without being able to see the policies in your tenant, check the logs, and know more about the resources and users, it's harder to diagnose this. If you are still having this issue after trying the troubleshooting steps, we can discuss this over email and get a support case opened.
-
If the information helped you, please Accept the answer. This will help us and also improve discoverability for others in the community who might be researching similar information.