MFA in Users vs Group in Entra ID

Robert Immanuvel 0 Reputation points
2024-05-03T07:23:05.4233333+00:00

I have created a user and added the same user to a group, and enabled MFA for both the user and the group. For the user I have enabled SMS OTP, and for the group I have enabled Microsoft Authenticator. Now, if I have to log in as the user, which authentication will work, since I have enabled two different methods, and when will each of these work?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Marilee Turscak-MSFT 34,546 Reputation points Microsoft Employee
    2024-05-04T00:23:27.7166667+00:00

    Hi @Robert Immanuvel ,

    The per-user settings are being deprecated, and if you've updated to the Authentication methods policy with the group settings, you can remove the legacy authentication methods. With the new authentication methods experience, if you have selected to "ignore legacy policies", the new group settings should take precedence.

    Otherwise, if you are using only the old per-user MFA methods policy and have the methods registered for the users, the only way to disable them is to remove them as an option in Azure.

    Let me know if this is what you are looking for and if you have further questions. Here is the guide that covers how these legacy per-user and new group authentication method settings should be configured. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage

    If the information helped you, please Accept the answer. This will help us and improve searchability for others in the community who may be researching similar questions.
