Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,672 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
I understand that you are receiving the error "Multifactor authentication save failure : Unable to save the Azure AD multifactor authentication policy."
To add to Dillon Silzer's comment, I would recommend adding all of the policy users to a group and also adding the exclusion users to a group, and then adding those groups to the policy. Since you have a large number of users, you might be hitting some limitations.
I tested in my own tenant with both users and groups and was able to save the policy:
Other things to confirm:
- Check that you have a valid Premium P2 license assigned to use Identity Protection features. If your license expired, you might run into access issues.
- Check that "Users can use the combined security information registration experience" is selected.
I've also reached out to the Identity Protection team to confirm if anything could have changed since I was unable to reproduce your issue.
If the suggestions do not work, feel free to send me an email so that we can troubleshoot further - AzCommunity@microsoft.com ("Attn: Marilee Turscak").
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.