user MFA is disabled however PIM activation is asking for MFA

Simon Li 11 Reputation points Microsoft Employee
2021-08-26T12:01:01.617+00:00

hi team, what if a user's MFA status is "disabled" however in the PIM role setting, the activation is set to "required MFA". what will happen when the user is trying to activate the eligible assignment.

Microsoft Entra
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 34,626 Reputation points Microsoft Employee
    2021-08-27T00:17:51.04+00:00

    PIM takes precedence and will override any other MFA settings, so that is expected behavior. Enabled/enforced/disabled doesn't matter to any of the Azure AD features since it's intended for per-user MFA.

    3 people found this answer helpful.