This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 57.00000000000001%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAI%3C/text%3E%3C/svg%3E)
I enabled MFA on my local account and I followed this documentation , then I tried to login with my local account but I am getting invalid username and password.
but in the sign-in activity is logging that the failure reason is User needs to enroll for second factor authentication.
do I need to add Conditional Access Policy to enable MFA for local accounts?
1: +https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates3: /api/attachments/5311-error.png2:?platform=QnA /answers/storage/attachments/5331-invalidusernameandpw.png
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 2%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Ayatldris-1935, I was neither able to open the document you shared above nor I was able to open the screenshots you shared. But based on the information provided, I would like to state that when you say enable MFA on a user, you either enable the MFA using the option as show in the screenshot:
Or, you enable it using Conditional Access Policy.
Now, once you enable to MFA for the first time, and then you try to login, once the 1st factor auth is done i.e entering the username and password, then Azure takes you to the url https://aka.ms/mfasetup and asks the user to perform the proofup, where the user enters his/her preferred MFA methods [based on what options the Admin has provided]. Once done henceforth the user gets the MFA options while logging in.
Hope this helps.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.
Thanks for explaining to me how the MFA works
I am wondering why the user is not being redirected to set up the second factor auth when I enable MFA for the first time, Although I enabled MFA in sign-in user flow
@Ayatldris-1935, When you say that you have enabled the MFA using the sign-in user flow, are you using the sign-in policy in the B2C tenant? Can you send me the screenshots of where you have enabled the MFA, so that its easier for me to understand
I enabled MFA on the user level from here :
and also enabled MFA in sign in user flow as shown in the screenshot below
I hope this help :)
@Ayat Idris , Thank you for sharing the details. From the screenshot i can see that you are using B2C tenant and this is not same as your regular Azure AD. In B2C tenant, usually an app that is to be used by general public are published, These app are for the entire world to access and are different from Organization apps. Due to this, in B2C tenant, we allow users who have their identities with various other Identity providers like Google, Amazon, Linked, facebook, Twitter etc to use those accounts and login/signup in your app published in B2C tenant.
So enabling the MFA for the B2C tenant would be little different from that of the normal Azure AD tenant. Here you just need to enable the MFA from the User Flow, as you mentioned in the second screenshot of yours and the step you performed in the first screenshot can be ignored.
i just tested enabling of MFA in my B2C tenant and while signing up using my gmail account, i was asked to enter my phone number and then I got the MFA call from Microsoft. You can refer to the URL mentioned below to enable MFA for your B2C tenant [which i believe you ahve already done], but just have a look once just to make sure all the points here are met in your deployment.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-multi-factor-authentication
If the issue still persists, please do drop me an email to azcommunity[at]microsoft[dot]com with the following details:
Do let us know these details and do not forget to add the reference of this thread so that its easier for me to identify and get back to you sooner.
Also, do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.
@Ayatldris-1935, I wanted to follow up with you to check if the above response helped you in answering your query. If it did, please do accept the response as Answer so that it helps others facing similar issues in the community.
Hi @soumi-MSFT - I followed the above instructions to setup MFA for my B2C tenant. However, I'd like to have the setting for remember multi-factor authentication on trusted device enabled on my B2C MFA. Is this possible? Or is the remember multi-factor authentication on trusted device only available within AD, not B2C?