AD B2C conditional MFA in user flow is not working as expected

Daniela Petrova Keil 0 Reputation points

We are trying to implement differentiated login for 3 different member groups in AD B2C. If a user is a member of group A, we want to avoid asking for MFA with TOTP, whereas if the user belongs to group B or C, we want to prompt for TOTP.

The user flow we have set up is as follows:

User's image

We have also created a conditional access policy for the application that includes groups B and C and grants access with MFA. However, all users, regardless of group, are forced to register TOTP on their first login, and only users belonging to group B or C are prompted for TOTP subsequently.

Is there any way to prevent users in group A from registering TOTP?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,190 questions
{count} votes