![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 57.00000000000001%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,172 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
As I understand users are getting prompted for MFA registration while trying to access Azure resources.
This can happen in multiple scenarios,
Check and confirm if security defaults is enabled.
- Login to Azure portal with Global admin credentials.
- Access Microsoft Entra ID blade.
- Access Properties on the left side of the page.
- Click on Manage Security Defaults and confirm if it is disabled.
Prompt can come due to registration campaign in Entra ID as well. Registration campaign to set up Microsoft Authenticator app is pushed by Microsoft recently.
As we always believe Microsoft authenticator app method is the stronger than SMS and Phone methods.
Below is the article that we have categorized and listed depending on the authentication methods for MFA.
Follow steps to check and confirm registration campaign settings,
- Login to https://entra.microsoft.com/ using global administrator credentials.
- Click on Protection blade on the left pane and then select "Authentication methods".
- Click on registration campaign and Edit button on the top.
- Now under state you can click on the drop down option and you will see options to disable registration campaign.
- By default "Microsoft managed" is selected.
- You can also add group of users whom you do not want to get authenticator app installed.
For more information you can refer below article,
Let us know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.