MFA Excluded accounts - still prompting for MFA registration

Ranjit Singh 40 Reputation points
2024-03-19T20:50:33.8066667+00:00

Hi Team,

We have enabled the MFA in our organisation and we have created conditional access policy for the service accounts to exclude from MFA. We have disabled the MFA for those accounts under O365 admin > Active users> MFA when we try login to those accounts it still take us to the MFA Registration page and users have to click on skip setup each time when i try login. Is there any options available which bypass the MFA registration page? Please advise.

Thanks,

Ranjit

Microsoft Identity Manager
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
695 questions
Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
417 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marcin Policht 23,545 Reputation points MVP
    2024-04-09T19:34:40.3333333+00:00

    Glad to see that you managed to get this resolved.

    Remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    1 person found this answer helpful.
    0 comments No comments

4 additional answers

Sort by: Most helpful
  1. ZhoumingDuan-MSFT 13,085 Reputation points Microsoft Vendor
    2024-03-20T06:36:18.3733333+00:00

    @Ranjit Singh,Thanks for posting in Q&A.

    From your description, I know you want to disable MFA for some accounts.

    I have done research about this problem, here are some information you can refer.

    1.If you have enabled MFA in your organization and want to create Conditional Access policy to exclude some accounts from MFA, in the Users session, you can select the user group for Exclude and in Target resources session, select All cloud apps, then in Grant session, select Require multifactor authentication.

    2.You can disable MFA for specific users in the Microsoft 365 admin center.

    https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide#turn-off-per-user-mfa

    3.You can revoke multifactor authentication session in Microsoft Entra ID portal.

    User's image

    Hope it will help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

  2. Marcin Policht 23,545 Reputation points MVP
    2024-03-19T22:46:25.3333333+00:00
    0 comments No comments

  3. Ranjit Singh 40 Reputation points
    2024-04-09T17:46:07.94+00:00

    I figured out the issue was SSPR setting was assigned to all users, there is no option to exclude users, either assign it to a group or All users. So I ended up creating a Dynamic group for users need to be setup for SSPR which resolved the issue.

    0 comments No comments

  4. Ranjit Singh 40 Reputation points
    2024-04-09T17:47:13.4033333+00:00

    I figured out the issue was SSPR setting was assigned to all users, there is no option to exclude users, either assign it to a group or All users. So I ended up creating a Dynamic group for users need to be setup for SSPR which resolved the issue.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.