@Tom - BR
This MFA prompt is triggered by Azure. There is a feature called as "security defaults" in Azure AD.
Microsoft is making security defaults available to everyone, because managing security can be difficult. Identity-related attacks like password spray, replay, and phishing are common in today's environment. More than 99.9% of these identity-related attacks are stopped by using multifactor authentication (MFA) and blocking legacy authentication. The goal is to ensure that all organizations have at least a basic level of security enabled at no extra cost.
One of the key feature within security defaults is Requiring all users to register for Azure AD Multifactor Authentication.
All users in your tenant must register for multifactor authentication (MFA) in the form of the Azure AD Multifactor Authentication. Users have 14 days to register for Azure AD Multifactor Authentication by using the Microsoft Authenticator app or any app supporting OATH TOTP. After the 14 days have passed, the user can't sign in until registration is completed. A user's 14-day period begins after their first successful interactive sign-in after enabling security defaults.
Users are asked to register for MFA. This doesn't mean that users will be prompted for MFA everytime they access any Azure resources. Users will be asked to go through MFA only when Azure suspects any unusual login to the user's account.
If you do not want this behavior, you can disable security defaults.
Follow below steps to disable security defaults in Azure AD.
- Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator.
- Browse to Azure Active Directory > Properties.
- Select Manage security defaults.
- Set the Enable security defaults toggle to No.
- Select Save.
Let me know if you have any further questions on this.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.