Share via

How can I exclude an enterprise app from MFA for all users?

Theodoros Yiorkas 35 Reputation points
2024-07-27T23:32:56.1366667+00:00

I'm attempting to exclude an enterprise app from two conditional access policies, but it's not working. I tried testing some users using "What if" and got a message saying that no policy was added, but when they attempt to log in to the app, they are still prompted for MFA. What could be the issue here?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 160K Reputation points MVP Volunteer Moderator
    2024-07-28T14:37:48.3133333+00:00

    Check the Entra sign in logs and see what policy is being applied.

    If no policy, then verify per-user MFA is not enabled or you are requiring MFA registration

    https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-configure-mfa-policy

    0 comments
  2. Abiola Akinbade 30,490 Reputation points Volunteer Moderator
    2024-07-28T01:40:22.55+00:00

    Hello Theodoros Yiorkas.

    Thanks for your question.

    When did you apply this policy? Sometimes CA policies can take up to a day to get applied in some instances.

    I would recommend you wait a bit to see the implications.

    Also, you can test with just a single policy applied to see behaviour

    Please let me know if you have further questions

    You can mark it 'Accept Answer' if this helped.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.