Users Getting MFA Prompts in the middle of Teams meeting

Rafik 1 Reputation point
2021-10-21T23:19:27.8+00:00

Hi,

We have configured MFA authentication for users with Conditional Access (see image). All users have a hardware token as a second factor; other users, like administrators, use Microsoft Authenticator.

The issue is that 50% of users don't like to be prompted many times a day for all apps or browsers.

The main issue is for some users. They report that they are prompted to enter a code while they are in a meeting. It's a weird experience when they are with clients or in an important meeting.

We have configured for non-admin users a Sign In Frequency of 1 day and a persistent browser session (see image). It's supposed to prompt every 24 hours. Why are they prompted for MFA in a Teams meeting, for example at 11 am? Is there a way to keep them from being prompted in the middle of the day? Please see my config (images: 142221-capsession.png, 142625-capsession.png).


1 answer

  1. Siva-kumar-selvaraj 15,681 Reputation points
    2021-10-22T21:11:23.293+00:00

    Hello @Rafik ,

    Thanks for reaching out and apologies for any inconvenience caused by this issue.

    Here are my thoughts on this scenario:

    If more than one CA policy is applied to the same set of applications, MFA might be repeated, which results in multiple MFA prompts for the user. Example: the current implementation has Teams requiring MFA within 1 day, and when a user launches Teams they are prompted. While inside Teams, another MS service is called (SharePoint, for example) and another conditional access policy will prompt for MFA for SharePoint.

    This continues for each accessed MS application and conditional access policy that is configured. This article has more info on service dependencies to help identify which apps will need to be included on your conditional access policy: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/service-dependencies

    Secondly, if the token is getting invalidated by the application, let's say MS Teams inactivated the token for some reason, then the user may be asked to redo authentication, including second-factor authentication, based on the CA condition, but getting MFA prompts in the middle of a Teams meeting seems to be problematic.

    Therefore, this would require active troubleshooting to identify the actual cause of the issue, hence I would recommend that you reach out to MS support, who can help you. If you don't have a support plan, then I can help you with one-time free support.

    Hope this helps.
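
The overlapping-policy scenario described in the answer can be checked against exported sign-in logs. The following Python script is an added example, not part of the original answer or any Microsoft tooling: it assumes records exported as JSON in the shape of the Microsoft Graph signIn resource, and the users, policy names and timestamps are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, shaped like Microsoft Graph signIn records (not real log data).
SAMPLE = json.loads("""[
 {"createdDateTime": "2021-10-21T08:02:11Z", "userPrincipalName": "u1@contoso.example",
  "appDisplayName": "Microsoft Teams", "isInteractive": true,
  "appliedConditionalAccessPolicies": [
   {"displayName": "MFA-Teams", "result": "success", "enforcedGrantControls": ["Mfa"]},
   {"displayName": "MFA-SharePoint", "result": "notApplied", "enforcedGrantControls": []}]},
 {"createdDateTime": "2021-10-21T11:04:40Z", "userPrincipalName": "u1@contoso.example",
  "appDisplayName": "Office 365 SharePoint Online", "isInteractive": true,
  "appliedConditionalAccessPolicies": [
   {"displayName": "MFA-Teams", "result": "notApplied", "enforcedGrantControls": []},
   {"displayName": "MFA-SharePoint", "result": "success", "enforcedGrantControls": ["Mfa"]}]},
 {"createdDateTime": "2021-10-21T09:15:00Z", "userPrincipalName": "u2@contoso.example",
  "appDisplayName": "Microsoft Teams", "isInteractive": true,
  "appliedConditionalAccessPolicies": [
   {"displayName": "MFA-Teams", "result": "success", "enforcedGrantControls": ["Mfa"]}]}
]""")

def mfa_events(records):
    """Yield (user, time, app, policy) for interactive sign-ins where a policy enforced MFA."""
    for r in records:
        if not r.get("isInteractive"):
            continue
        when = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        for p in r.get("appliedConditionalAccessPolicies", []):
            controls = [c.lower() for c in p.get("enforcedGrantControls", [])]
            if p.get("result") == "success" and "mfa" in controls:
                yield r["userPrincipalName"], when, r["appDisplayName"], p["displayName"]

def overlapping_prompts(records, window=timedelta(days=1)):
    """Return users for whom two different policies enforced MFA inside the window."""
    by_user = defaultdict(list)
    for user, when, app, policy in mfa_events(records):
        by_user[user].append((when, app, policy))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        # Consecutive MFA events from different policies, closer together than the window.
        hits = [b for a, b in zip(events, events[1:])
                if a[2] != b[2] and b[0] - a[0] < window]
        if hits:
            flagged[user] = [(w.isoformat(), app, pol) for w, app, pol in events]
    return flagged

if __name__ == "__main__":
    print(json.dumps(overlapping_prompts(SAMPLE), indent=2))
```

A user listed in the output was subject to MFA from more than one policy within the configured sign-in frequency, which points at policy overlap rather than token invalidation as the cause to investigate first.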
