B2C Conditional Access not working as expected
I have two groups "B2C Normal Users" and "B2C MFA Users".
I created a conditional access policy to enforce MFA for the "B2C MFA Users" group while excluding the "B2C Normal Users" group and added the required registered app as the target resource.
I tried two different user flows and neither of them gave me what I'm expecting:
The above user flow is enforcing the Authenticator App for all the users and totally ignores the conditional access policy.
The above user flow is working half good where it is not enforcing any MFA for the "B2C Normal Users" but enforcing the Email OTP verification as MFA method for the "B2C MFA Users".
Please note that I have "Security Defaults" disabled and the B2C Tenant is "PremiumP2" pricing tier.
To summarize, I want to configure my B2C tenant to enforce the MFA with the "Authenticator App" for the "B2C MFA Users" while not enforcing any MFA for the "B2C Normal Users".
Thank you.