How to enable MFA (mobile authenticator) conditional access on a B2C client for select users while not requiring users without MFA to register an authenticator
We are attempting to roll out MFA for specific users on our B2C tenant; these users are within their own groups and within a conditional access policy where they have the MFA grant enabled.
We have set our Sign Up / Sign In user flow to conditional MFA.
We have disabled security defaults on the tenant.
The problem: when the user flow is run, all users, even if explicitly excluded from the policy, are still prompted to register the authenticator app, and they are unable to proceed until they have done so.
Once this has been done, it will no longer prompt them to register the application.
We wish that the users are not prompted to register until we have included them in the conditional access policy.
We have since tried amending the 'Multifactor authentication registration policy' to prevent this, but this seems to have had no effect. Any help would be greatly appreciated.
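As an added example (not part of the question above, and not Microsoft's code), the following evaluates which users a Conditional Access policy's MFA grant actually targets, using the include/exclude structure of the Microsoft Graph `conditionalAccessPolicy` resource (`conditions.users.includeGroups`, `excludeGroups`, `includeUsers`, `excludeUsers`, and `grantControls.builtInControls`). The policy, group ids and user ids are constructed placeholders. The point it illustrates is the expected semantics the poster relies on: an exclusion always overrides an inclusion, so a user excluded from the policy should not be subject to its MFA grant; if such a user is still prompted, the prompt is being driven by something other than this policy's grant control.

```python
# Added example: evaluate the user scope of an Azure AD / B2C Conditional Access
# policy the way the service does (exclusions win over inclusions), then check
# whether the policy's grant control requires MFA for that user.
# Shape follows the Microsoft Graph conditionalAccessPolicy resource; all ids
# below are constructed placeholders, not real tenant values.

SAMPLE_POLICY = {
    "displayName": "Require MFA for pilot users (constructed sample)",
    "state": "enabled",                      # "enabled" | "disabled" | "enabledForReportingButNotEnforced"
    "conditions": {
        "users": {
            "includeUsers": [],              # "All" would target every user
            "excludeUsers": ["user-breakglass-placeholder"],
            "includeGroups": ["group-mfa-pilot-placeholder"],
            "excludeGroups": ["group-mfa-exempt-placeholder"],
        }
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}


def policy_targets_user(policy, user_id, group_ids):
    """Return True if the policy's user assignment includes this user.

    Conditional Access semantics: a disabled policy targets nobody; any
    exclusion (by user or by group membership) overrides every inclusion;
    otherwise the user is in scope if listed directly, via a group, or via "All".
    """
    if policy.get("state") != "enabled":
        return False
    users = policy["conditions"]["users"]
    groups = set(group_ids)

    # Exclusions are evaluated first and always win.
    if user_id in users.get("excludeUsers", []):
        return False
    if groups & set(users.get("excludeGroups", [])):
        return False

    # Inclusions.
    include_users = users.get("includeUsers", [])
    if "All" in include_users or user_id in include_users:
        return True
    return bool(groups & set(users.get("includeGroups", [])))


def requires_mfa(policy, user_id, group_ids):
    """True only if the user is in scope AND the grant control demands MFA."""
    controls = policy.get("grantControls", {}).get("builtInControls", [])
    return policy_targets_user(policy, user_id, group_ids) and "mfa" in controls


def explain(policy, user_id, group_ids):
    """Human-readable verdict, useful when triaging 'why was this user prompted?'."""
    if requires_mfa(policy, user_id, group_ids):
        return f"{user_id}: in scope of '{policy['displayName']}', MFA required by this policy"
    return (f"{user_id}: NOT in scope of '{policy['displayName']}'; "
            "any MFA/registration prompt is coming from elsewhere")


if __name__ == "__main__":
    # Constructed users and their group memberships.
    sample_users = {
        "pilot-user":     ["group-mfa-pilot-placeholder"],
        "exempt-user":    ["group-mfa-pilot-placeholder", "group-mfa-exempt-placeholder"],
        "user-breakglass-placeholder": ["group-mfa-pilot-placeholder"],
        "ordinary-user":  [],
    }
    for uid, gids in sample_users.items():
        print(explain(SAMPLE_POLICY, uid, gids))
```

Running it shows only `pilot-user` as subject to the policy's MFA grant; the user in the exempt group, the directly excluded user, and the user in no included group all evaluate as out of scope, which is the behaviour the question expects for excluded users.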