Our users are suddenly being forced to use Microsoft authenticator despite having other option enabled

Question

We've enabled multiple options for MFA in Azure, but our users are suddenly receiving errors indicating that they must use the Microsoft Authenticator app. I've verified at both the global level and the user level that other MFA types, such as SMS, are enabled. Why are these settings not being honored?

Answer 1

Hi,

It seems the Security Default settings are applicable to your tenant and If your tenant was created on or after October 22, 2019, security defaults might be enabled in your tenant. To protect all of our users, security defaults are being rolled out to all new tenants at creation.After this setting is enabled, all users in the organization will need to register for multifactor authentication. To avoid confusion, refer to the email you received and alternatively you can disable security defaults after it's enabled.

Hope this helps.

JS

==

Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.

Answer 2

While I had verified that multiple authentication methods were enabled at the global level and at the individual user level, I missed the new "Registration Campaign" settings. This area was set to be managed by Microsoft and was set to remind users every 1 day with a maximum of 3 snoozes. I was able to resolve our issue by taking back control of these settings and loosening them up a bit. I did not turn it all the way off because we do want our users to switch to the Authenticator app. We just didn't intend to force them to make that switch within 3 days.