This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello all,
I have Microsoft Authenticator App, and Security Key (YubiKey) registered as MFA methods. However, Microsoft seems to prompt for Security Key as default on both company device and personal mobile devices. In my org, we need to provide users with both methods in case users choose not to enroll with personal devices. Prompting for Security Key as default is inconvenient to our users as it creates extra steps for them to cancel out, and navigate to "Other ways to sign in" in the Authenticator App. Another issue is unable to enroll "Security Key" without first enrolling with Authenticator App.
Has Microsoft fixed this issue, or has anyone found a fixed for this?
Details:
MFA deployed through Conditional Access Policies
Per-User MFA is disabled
SSPR only has Security Questions enabled
Do you have the system-preferred MFA method feature enabled? It will prioritize the "most secure" methods first, as detailed here: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-system-preferred-multifactor-authentication
Hi Vasil, thank you for sharing this. I disabled System-preferred in Entra, and Security Key is no longer being prompted as default.
Vasil,
Thanks for sharing the link. We disabled system-preferred and we're no longer being prompted for Security Key as default MFA method.