2,301 questions
PIM takes precedence and will override any other MFA settings, so that is expected behavior. Enabled/enforced/disabled doesn't matter to any of the Azure AD features since it's intended for per-user MFA.
user MFA is disabled however PIM activation is asking for MFA
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 84%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Simon Li
11
Reputation points Microsoft Employee
hi team, what if a user's MFA status is "disabled" however in the PIM role setting, the activation is set to "required MFA". what will happen when the user is trying to activate the eligible assignment.
1 answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 36,851 Reputation points Microsoft Employee2021-08-27T00:17:51.04+00:00 -
JamesTran-MSFT 36,626 Reputation points Microsoft Employee2021-08-30T18:32:27.347+00:00 @Simon Li
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Sign in to comment -