can't disable/delete Conditional Access policy for MFA to all users

Question

can't disable/delete Conditional Access policy for MFA to all users

Paulo Jorge Correia 5

In my Contoso Electronic test tenant.

I setup MFA for Tenant administrator and it create an CA policy for MFA to all users all Applications.

After I can't delete any longer that CA policy .......... and I see in the MFA for users that no one has it setup ..... not sure why I canto turn the CA policy off.

I can't change security default because is controlled by CA ...... so I'm completely deadlock.

Can someone provide guidance ?

Michael Smith 2,926 Reputation points Microsoft Employee

2024-03-21T09:54:02.6666667+00:00

Hi Paulo,

Can you please tell me what the name of the CA policy is?

Also are you are a partner or vendor
Paulo Jorge Correia 5 Reputation points

2024-03-21T11:02:28.2533333+00:00

The CA policy name is "Multifactor authentication for Microsoft partners and vendors"
Paulo Jorge Correia 5 Reputation points

2024-03-21T11:02:55.07+00:00

I'm a partner
Paulo Jorge Correia 5 Reputation points

2024-03-21T13:52:30.16+00:00

Michael,

This is a test tenant for us as a partner to integrate and test our application, so we need to disable the MFA and just enable it selective depending on the test.

How can I disable MFA and just enable it selectively ?????

Thank you,

Paulo
Michael Smith 2,926 Reputation points Microsoft Employee

2024-03-21T14:06:43.3933333+00:00

Hi Paulo,

Can you open a support ticket so it can be removed through exception.
Michael Smith 2,926 Reputation points Microsoft Employee

2024-03-22T10:15:54.91+00:00

Hi Paulo,

Let me know what your case number and i'll pick it up.

2 answers

Your answer

Michael Smith 2,926 Reputation points Microsoft Employee

2024-03-21T09:54:02.6666667+00:00

Hi Paulo,

Can you please tell me what the name of the CA policy is?

Also are you are a partner or vendor
Paulo Jorge Correia 5 Reputation points

2024-03-21T11:02:28.2533333+00:00

The CA policy name is "Multifactor authentication for Microsoft partners and vendors"
Paulo Jorge Correia 5 Reputation points

2024-03-21T11:02:55.07+00:00

I'm a partner
Paulo Jorge Correia 5 Reputation points

2024-03-21T13:52:30.16+00:00

Michael,

This is a test tenant for us as a partner to integrate and test our application, so we need to disable the MFA and just enable it selective depending on the test.

How can I disable MFA and just enable it selectively ?????

Thank you,

Paulo
Michael Smith 2,926 Reputation points Microsoft Employee

2024-03-21T14:06:43.3933333+00:00

Hi Paulo,

Can you open a support ticket so it can be removed through exception.
Michael Smith 2,926 Reputation points Microsoft Employee

2024-03-22T10:15:54.91+00:00

Hi Paulo,

Let me know what your case number and i'll pick it up.

Answer 1

Hi Paulo,

To help partners protect their businesses and customers from identity theft and unauthorized access, we activated more security safeguards for partner tenants. These safeguards mandate and verify MFA. Mandating MFA helps partners to secure their access to customer resources against credentials compromise.

Partners participating in the Cloud Solution Provider (CSP) program, Control Panel Vendors (CPVs), and Advisors must implement the Partner Security Requirements to stay compliant.

Partners are required to enforce MFA for all user accounts in their partner tenant, including guest users. Users must complete MFA verification for the following areas:

https://learn.microsoft.com/en-us/partner-center/partner-security-requirements-mandating-mfa

Answer 2

Jabulani Motloung 181

Hi,

What about service accounts that need to be exempted from MFA, especially service accounts that are integrated with third-party tools?

Share via

can't disable/delete Conditional Access policy for MFA to all users

2 answers

Your answer