After setting up MFA via Microsoft Entra, I can't get my test users to trigger to register

William Lampert 6 Reputation points
2024-03-26T20:04:14.2466667+00:00

We're looking to rollout MFA for all our users, specifically just for any access to their Exchange Online and Microsoft Teams. I've followed the the instructions from Microsoft's Knowledge article: https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa

What I have setup:

New Conditional Access Policy (MFA Pilot):

Users > At the moment just including a specific group that i have my test users part of.

Target Resources > Cloud Apps > Office 365 Exchange Online & Microsoft Teams

Conditions > Client Apps > Enabled and checked all "Modern authentication clients" options (Browser/Mobile app and desktop clients/Legacy authentication clients/Exchange ActiveSync clients/Other clients)

Grant > Grant Access > Require multifactor authentication (Enabled)

Under Protection > Authentication Methods

  • Microsoft Authenticator (Enabled) > Authentication Mode: Any Only Targeting the group my test users are in.

From my understanding with all of that enabled and set, when an account that is currently not setup for MFA yet, once they log into anything Exchange Online (or just signing into office.com for the first time) should trigger to get enrolled and register for the first time.

I've set these and its been about 2 hours and when i use one of my test accounts and log into office.com with it on a different machine, it still just normally logs in and doesn't trigger to enroll into MFA

Help!

Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,825 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Navya 11,050 Reputation points Microsoft Vendor
    2024-03-27T06:56:26.62+00:00

    Hi @William Lampert

    Thank you for posting this in Microsoft Q&A.

    I understand you're having difficulties after configuring MFA for your users using Microsoft Entra, and you're unable to prompt your test users to complete the registration process.

    According to the details you shared, it seems like you have taken the right steps. yes, users are prompted to use Microsoft Entra multifactor authentication or to configure a method if they haven't yet done so.

    Kindly confirm if you have chosen the necessary targeted apps. Make sure to choose the Office 365 app (it includes Microsoft Flow, Microsoft Teams, Office 365 Exchange Online, Office 365 SharePoint Online, Office 365 Yammer) within cloud apps to authenticate Exchange Online or log in to office.com.User's image

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    If the solution mentioned above doesn't solve your problem, please feel free to leave a comment below. If the answer was useful, please click on "Accept Answer" and kindly give it an "upvote".

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.