MFA for external web app

Ellrick 26 Reputation points

Hello All,

We have a number of users who's accessing the external Azure web application, each time they logging-in they have to go through the Microsoft MFA and answer a call.

When I've checked the Sign-in logs in our AAD, I can see all sign-in attempts to the external app and Authentication Requirement column says Multi-Factor Authentication.

Does the MFA in this case is enabled on the external web application? The MFA is not enabled for those users in our Azure AD.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,914 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,341 Reputation points

    Hi @Ellrick • Thank you for reaching out.

    The most probable cause of this behavior is Conditional Access policy. In case of conditional access, you have the option to require MFA only for specific application. You can also include conditions, such as when the app is access from specific location by specific set of users. To confirm this, please check the sign-in logs to identify which conditional access policy is getting applied during that sign-in.

    If you still can't identify that, kindly ask one of those users to either decline MFA call or let it time-out. Once MFA fails, you will get correlation id, request id and timestamp on the error page. Please share that information and I will try to track the source that is originating MFA for you.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful