Hello @Jeremiah Limpin ,
Thank you for reaching out to the Microsoft QnA platform. If the user is excluded from the MFA policy in Conditional Access and is still being prompted to set up MFA, then I would like to confirm that MFA registration can be enforced by multiple sources:
- Entra ID Security Defaults: Since you are using Conditional Access, I highly doubt you would have these enabled as well.
- MFA Registration Policy within Identity Protection: Please validate if the user is part of an MFA registration campaign via Identity Protection policies.
- Authenticator App Registration Policy: Please validate if the user is excluded from this policy as well.
- SSPR Registration: If the user is part of the SSPR group, then the user might be prompted to register additional auth methods which enable them to perform self-service password reset.
- Per-User/Legacy MFA enforcement: If the user is enforced in the legacy MFA portal, then the end user would be prompted for MFA registration.
Please check if the user is part of any of these policies. Also, once the user registration is complete, they should not be prompted for MFA again by the Conditional Access policy you have created.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
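
As an added example (not part of the original answer), three of the sources listed above can be read with the Microsoft Graph PowerShell SDK: security defaults, the Authenticator registration campaign, and per-user MFA state. The UPN is a constructed placeholder, the requested scopes are an assumption about what your tenant will consent to, and the per-user MFA call uses the Graph beta endpoint.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK.
# Scopes are an assumption; adjust to what your tenant allows.
Connect-MgGraph -Scopes 'Policy.Read.All','User.Read.All','GroupMember.Read.All' | Out-Null

$upn  = 'user@contoso.example'   # constructed placeholder
$user = Get-MgUser -UserId $upn

# Every group the user belongs to (direct or nested), used to match policy targets.
$groupIds = @((Get-MgUserTransitiveMemberOf -UserId $user.Id -All).Id)

# 1. Security defaults: when enabled, all users are asked to register for MFA.
$secDefaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy

# 2. Authenticator app registration campaign: is the user targeted and not excluded?
$campaign = (Get-MgPolicyAuthenticationMethodPolicy).
    RegistrationEnforcement.AuthenticationMethodsRegistrationCampaign
$included = @($campaign.IncludeTargets | Where-Object {
    $_.Id -eq 'all_users' -or $_.Id -eq $user.Id -or $_.Id -in $groupIds })
$excluded = @($campaign.ExcludeTargets | Where-Object {
    $_.Id -eq $user.Id -or $_.Id -in $groupIds })

# 3. Per-user (legacy) MFA state, read from the Graph beta endpoint.
$uri = "https://graph.microsoft.com/beta/users/$($user.Id)/authentication/requirements"
$req = Invoke-MgGraphRequest -Method GET -Uri $uri

[pscustomobject]@{
    User                    = $upn
    SecurityDefaultsEnabled = $secDefaults.IsEnabled
    CampaignState           = $campaign.State          # default / enabled / disabled
    CampaignTargetsUser     = ($included.Count -gt 0) -and ($excluded.Count -eq 0)
    PerUserMfaState         = $req.perUserMfaState     # disabled / enabled / enforced
} | Format-List

# The Identity Protection MFA registration policy and SSPR registration settings
# are not covered by this example; review them in the Entra admin center.
```

A `CampaignState` of `default` means the campaign is Microsoft-managed, so check the effective setting in the portal before treating it as off.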