Turn off MS authenticator for admin accounts - use alternate 2fa provider instead

Mike Cohen 0 Reputation points
2024-09-13T17:02:24.4333333+00:00

We have configured DUO as our 2fa External authentication method in Entra. When our o365 users log in they are prompted to select DUO as an auth provider and are then able to log in to DUO. Standard users work fine.

Any user that is an Office 365 admin is first prompted to use the MS authenticator, they must then select "I can't use my Microsoft Authenticator app right now" to be given the option to use DUO as a 2fa provider which will work when selected.

We have set the Microsoft managed conditional access policy "Multifactor authentication for admins accessing Microsoft Admin Portals" to "off" and our admin users are covered by our active 2fa DUO conditional access policy so 2fa is effectively enabled for these users.

How do we turn off the initial request to use MS authenticator when an o365 admin logs in? We have 2fa properly set up using EAM with DUO including for our tenant admin accounts.


1 answer

  1. Akhilesh 9,840 Reputation points Microsoft Vendor
    2024-09-19T16:53:53.4333333+00:00

    Hi @Mike Cohen

    Thank you for reaching Microsoft Q&A forum!

    If I understand correctly, you have configured DUO for 2FA, but when users sign in they are prompted and directed to the Microsoft Authenticator app, not DUO, and you are selecting "I can't use my Microsoft Authenticator app right now" to be given the option to use DUO as a 2FA provider, which works.

    Since you have managed the conditional access policy, may I know whether you have created the custom controls for DUO MFA? If yes, have you selected the RequireDUOMfa custom control in the Access control blade of your conditional access policy?

    For more information, I suggest you go through the document and video: Duo Two-Factor Authentication for Microsoft Entra ID (formerly Azure Active Directory).
    Hope this helps. Do let us know if you have any further queries by responding in the comments section.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
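
The coverage claim in the question (admins stay under an enforced second-factor policy once the Microsoft-managed policy is off) can be checked against an export of the tenant's conditional access policies. The sketch below is an added example, not part of the original thread or of any Microsoft or Duo tooling. It assumes the Microsoft Graph `conditionalAccessPolicy` JSON shape; the role ID and every policy name except the Microsoft-managed one are constructed, and user/group exclusions and application conditions are ignored.

```python
# Placeholder role template ID (constructed; substitute the real ID from your tenant).
ADMIN_ROLE = "00000000-0000-0000-0000-0000000000a1"

def sample(name, state, users, operator, builtin, custom=()):
    """Build a constructed policy in the Microsoft Graph conditionalAccessPolicy shape."""
    return {"displayName": name, "state": state,
            "conditions": {"users": users},
            "grantControls": {"operator": operator, "builtInControls": list(builtin),
                              "customAuthenticationFactors": list(custom)}}

POLICIES = [  # constructed sample data, not an export from any tenant
    sample("Multifactor authentication for admins accessing Microsoft Admin Portals",
           "disabled", {"includeRoles": [ADMIN_ROLE]}, "OR", ["mfa"]),
    sample("Duo for all users (constructed name)",
           "enabled", {"includeUsers": ["All"]}, "OR", ["mfa"]),
    sample("MFA or compliant device (constructed name)",
           "enabled", {"includeRoles": [ADMIN_ROLE]}, "OR", ["mfa", "compliantDevice"]),
    sample("Duo custom control pilot (constructed name)",
           "enabledForReportingButNotEnforced", {"includeRoles": [ADMIN_ROLE]},
           "OR", [], ["RequireDUOMfa"]),
]

def targets_role(policy, role_id):
    """True when the policy's user conditions include the role and do not exclude it."""
    users = policy["conditions"]["users"]
    if role_id in users.get("excludeRoles", []):
        return False
    return role_id in users.get("includeRoles", []) or "All" in users.get("includeUsers", [])

def forced_factor(policy):
    """Return 'mfa' or 'custom' when the grant cannot be met without a second factor."""
    grant = policy.get("grantControls") or {}
    builtin = grant.get("builtInControls") or []
    custom = grant.get("customAuthenticationFactors") or []
    if "mfa" not in builtin and not custom:
        return None
    # Under OR, any single control satisfies the grant, so a non-MFA alternative
    # such as compliantDevice means no second factor is guaranteed.
    if grant.get("operator") == "OR" and any(c != "mfa" for c in builtin):
        return None
    return "mfa" if "mfa" in builtin else "custom"

def enforcing(policies, role_id):
    """Names of enabled policies that force a second factor for the role."""
    return [p["displayName"] for p in policies
            if p["state"] == "enabled" and targets_role(p, role_id) and forced_factor(p)]

if __name__ == "__main__":
    print(enforcing(POLICIES, ADMIN_ROLE) or "NO enforced second factor for this role")
```

An empty result means no enabled policy forces a second factor for that role; disabled and report-only policies never count as coverage.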

