I created a policy from the template, and changed only a group in the settings, instead of All users put a custom group mfa required to register.
Now, whether the user is a group member and outside of a trusted location, the policy cannot register MFA for him at all. Why so, it contradicts the settings.
Correct me if I'm reading wrong these settings: if the user is a part of the group and he is accessing O365 service from anywhere except trusted locations (which we configured with our public IPs), then he is required to register MFA.
Any thoughts on this?
The error I get:
Sign-in error code53010 Failure reason Cannot configure multi-factor authentication methods because the organization requires this information to be set from specific locations or devices.