Users are being prompted for MFA before we have rolled it out

Question

We are planning to roll out MFA but users are already being prompted for MFA. They are able to by-pass for 14 days at this point but I am not sure what will happen the next time they are prompted.

Answer 1

Hello License Tracker,

Thank you for posting your query in the Microsoft Q&A Community.

I understand that you would like to know why users are being prompted for MFA even when you haven't started rolling out and what will happen after the 14-day exemption timeframe.

Please note that MFA in Azure is controlled by three main Features. The Security default, Conditional Access, and Per-user MFA. Based on your explanation, the security default seems to be the feature that is working here.

Security defaults make it easier to help protect your organization from identity-related attacks like password spray, replay, and phishing common in today's environments. This might have been enabled in the tenant. Most times it is enabled by default when you create a new tenant.

Follow this link to get more information about Security defaults.

On the 15th day, users will be forced to register for this MFA and wont be able to pass-by this.

If you don't want this to happen, you can disable this setting.

NB: No account should be without 2FA for security reason.

Another reason why your user might get an MFA prompt is if you have enabled the Self-Service password reset and they need to complete an MFA process before being able to register successfully for a password reset.

Let me know if further assistance is needed.

Babafemi