B2C Conditional Access not working as expected

Ahmad Gad 0 Reputation points
2024-02-16T12:34:21.6033333+00:00

I have two groups "B2C Normal Users" and "B2C MFA Users".

I created conditional access to enforce MFA for the "B2C MFA Users" group while excluding the "B2C Normal Users" group and added the required registered app as the target resource.

I tried two different user flows and neither of them gave me what I'm expecting:

User's image

The above user flow is enforcing the Authenticator App for all the users and totally ignores the conditional access policy.

User's image

The above user flow is working half well: it is not enforcing any MFA for the "B2C Normal Users" but is enforcing Email OTP verification as the MFA method for the "B2C MFA Users".

Please note that I have "Security Defaults" disabled and the B2C Tenant is "PremiumP2" pricing tier.
To summarize, I want to configure my B2C tenant to enforce the MFA with the "Authenticator App" for the "B2C MFA Users" while not enforcing any MFA for the "B2C Normal Users".
Thank you.
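For readers reproducing the setup described in the question, the following is an added example (not code from the original post) that creates the Conditional Access policy the poster describes through the Microsoft Graph PowerShell SDK: MFA required for one group, a second group excluded, one registered app as the target resource. The group object IDs and the application (client) ID are placeholders, and the policy is created in report-only state first so its sign-in evaluations can be inspected before it is enforced. It assumes the Microsoft.Graph.Identity.SignIns module is installed and that the caller holds the Policy.ReadWrite.ConditionalAccess permission.

```powershell
# Added example: recreate the policy from the question in report-only mode.
# Replace the placeholder IDs with values from your own tenant.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$mfaUsersGroupId    = "<object-id-of-B2C-MFA-Users>"      # placeholder
$normalUsersGroupId = "<object-id-of-B2C-Normal-Users>"   # placeholder
$targetAppId        = "<client-id-of-registered-app>"     # placeholder

$policy = @{
    displayName = "B2C - Require MFA for B2C MFA Users"
    # Report-only: sign-ins are evaluated and logged but not blocked or challenged.
    # Switch to "enabled" only after the sign-in logs show the expected results.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeGroups = @($mfaUsersGroupId)
            excludeGroups = @($normalUsersGroupId)
        }
        applications = @{
            includeApplications = @($targetAppId)
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host "Created policy $($created.Id) in state $($created.State)"

# Check: read the policy back and confirm the include/exclude scoping took effect.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
$check.Conditions.Users.IncludeGroups   # expected: the MFA users group ID
$check.Conditions.Users.ExcludeGroups   # expected: the normal users group ID
$check.Conditions.Applications.IncludeApplications
```

While the policy is in report-only state, the "Conditional Access" tab of each sign-in log entry reports whether the policy would have applied to that user and app, which is the quickest way to tell a scoping problem (wrong group or app ID) apart from a user-flow setting that is applying MFA independently of the policy.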

Microsoft Entra ID