Share via

Unable to edit the policy

IniobongNkanga-8038 681 Reputation points
2024-10-06T06:25:37.06+00:00

Hello

Please i need your help on this issue.

We are unable to edit the policy because it is Microsoft managed as shown in the screenshot

User's image

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,131 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,111 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Navya 12,250 Reputation points Microsoft Vendor
    2024-10-06T16:24:37.05+00:00

    Hi @IniobongNkanga-8038

    Thank you for posting this in Microsoft Q&A.

    I understand that you are unable to edit the Multifactor Authentication policy for per-user multifactor authentication users in your tenant's conditional access policy.

    To edit the policy, at least a Conditional Access Administrator role is required. Administrators have the ability to edit the state (On, Off, or Report-only) and the excluded identities (users, groups, and roles) in the policy. This policy targets licensed users with Microsoft Entra ID P1 and P2, where the security defaults policy is not enabled. Additionally, there are less than 500 per-user MFA enabled or enforced users. To apply this policy to more users, you need to duplicate it and change the assignments.

    We are unable to edit the policy because it is Microsoft managed, as shown in the screenshot.

    Using the Edit pencil at the top to modify the Microsoft-managed per-user multifactor authentication policy might result in a failed update error. To work around this issue, select Edit under the Excluded identities section of the policy. This will allow you to make changes to the policy without encountering the failed update error.

    For your reference: https://learn.microsoft.com/en-us/entra/identity/conditional-access/managed-policies#multifactor-authentication-for-per-user-multifactor-authentication-users

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

  2. akinbade abiola 18,305 Reputation points
    2024-10-06T22:48:59.6933333+00:00

    Hello IniobongNkanga-8038.

    Thanks for your question

    This is expected behaviour. You cannot edit the policy itself.

    Administrators only have the ability to Edit the State (On, Off, or Report-only) and the Excluded identities (Users, Groups, and Roles) in the policy.

    These policies are predefined by Microsoft to ensure security best practices, such as requiring MFA for users. The policy is Microsoft-managed, you cannot modify it directly.

    See: https://learn.microsoft.com/en-us/entra/identity/conditional-access/managed-policies

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.