Azure MFA state behaviour

HK G 466 Reputation points
2021-03-09T20:06:12.217+00:00

Hi, I am trying to understand the MFA state behavior on Azure. I am enrolling users for MFA from our tenant. Some users were unable to log in to Outlook after the enabling. I noticed that these users' MFA states were changed from Enabled to Enforced. I am not sure what triggered the change. But not all users' states were changed even though they were all enabled the same way, e.g. through the Office 365 admin portal. The users whose states are Enabled are able to log in. I understand that this has to do with our Exchange Online tenant not having Modern Authentication enabled. But my concern is how the MFA state got changed. Thanks

Azure Active Directory

3 answers

  1. Vasil Michev 70,486 Reputation points MVP
    2021-03-10T08:33:08.073+00:00

    The state won't change to "Enforced" on its own, someone on your end toggled this. And make sure you enable Modern authentication.


  2. HK G 466 Reputation points
    2021-03-10T17:59:37.34+00:00

    Can the user somehow change that state when they did the MFA registration? This is definitely not done by the admin.

    Thanks


  3. HK G 466 Reputation points
    2021-03-18T00:28:44.317+00:00

    I did some tests with a few test user accounts. I enabled them from the tenant and the states were Enabled. When I finished the MFA method registration and checked the status again, they all show as Enforced. I also found this statement at the link.

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

    Users who complete registration while in the Enabled state are automatically moved to the Enforced state.

    The only way to keep the user state Enabled is to disable and re-enable them.

    Is there any way to keep the user Enabled without doing the disabling/re-enabling?

    Thanks

    0 comments No comments
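An added example, not part of the thread or of Microsoft's documentation: a read-only PowerShell report that lists each user's per-user MFA state next to the number of registered methods, so the Enabled to Enforced move quoted above can be seen across the tenant instead of user by user. It assumes the MSOnline module is installed and that the signed-in account can read users; the output column names and the `Note` text are illustrative.

```powershell
# Added example: read-only audit of per-user MFA state. Changes nothing in the tenant.
# Assumption: the MSOnline module is installed and you sign in with an account
# that is allowed to read user objects.
Import-Module MSOnline
Connect-MsolService

$report = Get-MsolUser -All | ForEach-Object {
    # A user with no StrongAuthenticationRequirements entry is in the Disabled state.
    $state = if ($_.StrongAuthenticationRequirements.Count -gt 0) {
        [string]$_.StrongAuthenticationRequirements[0].State
    } else {
        'Disabled'
    }

    # Number of MFA methods the user has registered so far.
    $methods = @($_.StrongAuthenticationMethods).Count

    # Illustrative notes, based on the behaviour described in this thread.
    $note = switch ($state) {
        'Enabled'  { 'Registration not completed yet; moves to Enforced once it is' }
        'Enforced' { 'Registration completed; Outlook sign-in needs Modern Authentication' }
        default    { '' }
    }

    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        MfaState          = $state
        RegisteredMethods = $methods
        Note              = $note
    }
}

# Summary per state, then the users whose state has moved to Enforced.
$report | Group-Object MfaState | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object MfaState -eq 'Enforced' |
    Sort-Object UserPrincipalName |
    Format-Table UserPrincipalName, RegisteredMethods, Note -AutoSize
```

Running it before and after a pilot group registers shows which accounts moved from Enabled to Enforced and so which mailboxes depend on Modern Authentication being enabled in Exchange Online.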