AD B2C conditional MFA in user flow is not working as expected
We are trying to implement differentiated login for 3 different member groups in AD B2C. If a user is a member of group A, we want to avoid asking for MFA with TOTP, whereas if the user belongs to group B or C, we want to prompt for TOTP.
The user flow we have set up is as follows:
We have also created a conditional access policy for the application that includes groups B and C and grants access with MFA. However, all users, regardless of group, are forced to register TOTP on their first login, and only users belonging to group B or C are prompted for TOTP subsequently.
Is there any way to prevent users in group A from registering TOTP?