Hi @Ellrick • Thank you for reaching out.
The most probable cause of this behavior is a Conditional Access policy. In the case of Conditional Access, you have the option to require MFA only for a specific application. You can also include conditions, such as when the app is accessed from a specific location by a specific set of users. To confirm this, please check the sign-in logs to identify which Conditional Access policy is getting applied during that sign-in.
If you still can't identify that, kindly ask one of those users to either decline the MFA call or let it time out. Once MFA fails, you will get the correlation ID, request ID and timestamp on the error page. Please share that information and I will try to track the source that is originating MFA for you.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
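
The sign-in log check described in the answer above, as an added example that is not part of the original post: it reads sign-in records and lists, per user and application, the Conditional Access policies that actually enforced MFA, together with the correlation ID and timestamp. It assumes the records follow the Microsoft Graph `signIn` schema (`appliedConditionalAccessPolicies`, `enforcedGrantControls`, `result`); the function name, users, apps, policy names and IDs are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample sign-in records (Graph signIn schema assumed); not real tenant data.
SAMPLE = json.loads("""
[
 {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Contoso HR App",
  "correlationId": "00000000-0000-0000-0000-000000000001",
  "createdDateTime": "2024-01-10T08:15:00Z",
  "appliedConditionalAccessPolicies": [
   {"displayName": "Require MFA for HR app", "result": "success",
    "enforcedGrantControls": ["Mfa"]},
   {"displayName": "Require MFA outside office", "result": "notApplied",
    "enforcedGrantControls": ["Mfa"]}]},
 {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Contoso HR App",
  "correlationId": "00000000-0000-0000-0000-000000000002",
  "createdDateTime": "2024-01-10T09:40:00Z",
  "appliedConditionalAccessPolicies": [
   {"displayName": "Require MFA for HR app", "result": "failure",
    "enforcedGrantControls": ["Mfa"]}]},
 {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Office 365",
  "correlationId": "00000000-0000-0000-0000-000000000003",
  "createdDateTime": "2024-01-10T10:05:00Z",
  "appliedConditionalAccessPolicies": [
   {"displayName": "Require MFA for HR app", "result": "notApplied",
    "enforcedGrantControls": []}]}
]
""")

# A policy only influenced the sign-in if it was evaluated and enforced;
# notApplied / notEnabled / report-only results did not prompt the user.
ENFORCED_RESULTS = {"success", "failure"}

def policies_requiring_mfa(signins):
    """Map (user, app) -> list of policy hits that enforced an MFA grant control."""
    hits = defaultdict(list)
    for s in signins:
        for p in s.get("appliedConditionalAccessPolicies") or []:
            controls = {c.lower() for c in p.get("enforcedGrantControls") or []}
            result = (p.get("result") or "").lower()
            if result in ENFORCED_RESULTS and "mfa" in controls:
                hits[(s.get("userPrincipalName"), s.get("appDisplayName"))].append({
                    "policy": p.get("displayName"),
                    "result": result,  # "failure" = MFA declined or timed out
                    "correlationId": s.get("correlationId"),
                    "time": s.get("createdDateTime"),
                })
    return dict(hits)

if __name__ == "__main__":
    for (user, app), found in policies_requiring_mfa(SAMPLE).items():
        for h in found:
            print(user, app, h["policy"], h["result"], h["correlationId"], h["time"])
```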