I am running out of ideas why this happens to the users, all our MFA conditional access policies are applied to security groups as we are mid implementation, hes not a member of those groups. To my knowledge (and i also checked with our infrastructure engineer who has been here a lot longer then me) their isn't a MFA server MFA registration policy is disabled in Identity protection, sign in and risky user are handled by Conditional Access and should only apply to High risk
Some users where previously manually enabled for MFA using the older MFA authentication service however this user wasnt one of them and i verified and it says MFA auth Status "disabled" none of the conditional access policies are applied (which is the main way we are pushing MFA now) the device they were logging into is showing up as an unusual location Victoria when we are in QLD due to a VPN, but out only location policies are Disallow anything outside of australia Its noting a configuration change but no change has taken effect This wouldn't be a problem except these are users we haven't yet enabled for MFA (these are staff without corporate supplied phones and several chats need to have with both management and unions before we ask staff to use personal phones).īased on the information the 365-admin console and azure console, i could find the following: every so often a random staff member contacts us because they are being prompted for MFA when trying to sign into office or outlook on particular PC's. Hi, I have done a fair bit of investigating into this but i have no clue why it keeps happening.
0 kommentar(er)
