Why is Azure portal warning about MFA not applied if we have Conditional Access policies active?

Question

Our Azure portal is warning about MFA not being applied when we have three different Conditional Access policies applied. One for all users, one for admins (all applications) and one for external and guest users.

These policies are configured to act under user risk, sign in risk (both incluiding from low to high risk) and location conditions granting access only when users complete multifactor authentication strenght we've previously configured.

These policies also have some account exceptions (two admins and a few application/device accounts).

I've found that Identity Protection Registration Policy is disabled. Could enabling it for all users affect the excepted accounts on my conditional access policies? Would this make the Azure Portal change the MFA status it's currently showing?

Answer 1

Afaik Microsoft is publishing this message (and similar ones across all other available channels) indiscriminately, without taking into consideration the currently configured controls in the tenant. They simply want to make sure admins are familiar with the coming changes in order to avoid issues come Oct.

Do note however that there will be no exceptions for said MFA enforcement - every user accessing an Azure admin endpoint will be subject to the requirement.