PIM takes precedence and will override any other MFA settings, so that is expected behavior. Enabled/enforced/disabled doesn't matter to any of the Azure AD features since it's intended for per-user MFA.
user MFA is disabled however PIM activation is asking for MFA
Simon Li
11
Reputation points Microsoft Employee
hi team, what if a user's MFA status is "disabled" however in the PIM role setting, the activation is set to "required MFA". what will happen when the user is trying to activate the eligible assignment.
1 answer
Sort by: Most helpful
-
Marilee Turscak-MSFT 36,901 Reputation points Microsoft Employee
Aug 27, 2021, 12:17 AM