user MFA is disabled however PIM activation is asking for MFA

Simon Li 11 Reputation points Microsoft Employee

hi team, what if a user's MFA status is "disabled" however in the PIM role setting, the activation is set to "required MFA". what will happen when the user is trying to activate the eligible assignment.

Microsoft Entra
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 34,626 Reputation points Microsoft Employee

    PIM takes precedence and will override any other MFA settings, so that is expected behavior. Enabled/enforced/disabled doesn't matter to any of the Azure AD features since it's intended for per-user MFA.

    3 people found this answer helpful.