User excluded from MFA still prompted

Ted Sinclair 21 Reputation points
2022-02-17T19:16:03.133+00:00

I am trying to create an global admin user that is not required to set up MFA. (It's a temporary user for a migration.) The 365 tenant has security defaults enabled, so I disabled them and created a conditional access policy that enforces MFA for everyone except the admin user I'm using for the migration. However, the MFA prompt still comes up for this user. I tried creating a new user, and excluded it from the MFA policy before the first login, but am still getting prompted to configure MFA. Per-user MFA is not enabled for either admin account. What else could be forcing MFA?

I tried this...
https://learn.microsoft.com/en-us/answers/questions/549021/a-user-is-excluded-in-conditional-access-policy-bu.html
but those options are grayed out and the identity protection policy does not appear to be enabled anyway.

Any thoughts?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,731 questions
{count} votes

1 answer

Sort by: Most helpful
  1. James Hamil 24,661 Reputation points Microsoft Employee
    2022-03-01T00:47:16.24+00:00

    Hi @Ted Sinclair , sorry for the delay in response. The reason for your options being greyed out is that you may need more permission, such as Privileged Authentication Administrator. Please see this thread for more details. Please let me know if this resolves your issue. If not I can help you further.

    Best,
    James

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.