MFA policy is misconfigured. Work with your admin to enable notification through mobile app in the policy.

Venkata Akanksh Nethi 1 Reputation point
2024-05-17T04:25:27.8333333+00:00

We have enabled MFA enforcement on our Lighthouse, but somehow all the users were receiving this error: "MFA policy is misconfigured. Work with your admin to enable notification through mobile app in the policy." We have tried disabling the MFA and setting them to report-only, but the issue is still the same.

Microsoft Entra External ID
Microsoft Entra ID

1 answer

  1. Sandeep G-MSFT 15,326 Reputation points Microsoft Employee
    2024-06-06T16:30:01.84+00:00

    @Venkata Akanksh Nethi

    I'm glad that you were able to resolve your issue, and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "[The question author cannot accept their own answer. They can only accept answers by others](https://docs.microsoft.com/en-us/answers/support/accepted-answers#why-only-one-accepted-answer)", I'll repost your solution in case you'd like to "[Accept](https://docs.microsoft.com/en-us/answers/support/accepted-answers#accepted-answer-in-a-question-thread)" the answer.

    Issue:

    MFA policy is misconfigured. Error: Work with your admin to enable notification through mobile app in the policy.

    Solution:

    1. The user was created in Tenant A, where MFA is enabled via per-user MFA with a limited sign-in option. The configuration will not allow prompting the user for MFA. The user has to enter the OTP manually.
    2. The same user has been invited as a guest to Tenant B, where you have Conditional Access policies for MFA.

    In your case, Tenant A's per-user MFA policies were causing issues. After removing the MFA restriction on Tenant A, the issues were resolved.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
