What does your CA policy look like specifically? You typically set MFA activation within the settings of the PIM role, not with a CA policy ( and the CA policy is to set an auth context strength)
PIM MFA Requirement different for Edge & Chrome
Tags like MFA, PIM and Conditional Access don't exist so I can't add those up there.
We have setup PIM in our environment and setup a Conditional Access Policy to force an MFA prompt with every activation. However, Edge will do it but Chrome will not. Below are screenshots.
Chrome: it doesn't even get to the point where it recognizes that the policy applies to the person:
But with Edge, it does recognize the resource (as not configured) and it prompts properly:
How do I get Chrome to work? What is "Resource"? because I don't see it.
2 answers
Sort by: Most helpful
-
-
Andy David - MVP 150.3K Reputation points MVP
2024-11-27T16:01:44.9066667+00:00 I don't think the session sign in frequency requirement makes sense here.
Per the article:
If you want the PIM group to MFA each time they access Azure, I would create a different CA policy and enforce session requiriements there.