Forum Discussion

TRD3000gt's avatar
TRD3000gt
Copper Contributor
Oct 05, 2022

Disable MFA -- not working

Hi 

 

I read through a few posts here and online , could not find anything 

 

Am I missing a setting?  

 

It is setup as per below , when I sign in as a user assigned to Security GROUP 1  (User Type: Member, no roles assigned) , Security GROUP 1  is excluded in the conditional access policy

 

I am still getting prompted to sign up to MFA , you can skip setup  

Keep your account secure

Your organization requires you to set up the following methods of proving who you are

 

 

 

Azure P2 Premium security license

Security defaults -- disabled 

MFA per user -- Disabled for all 

Conditional access policy setup  -- set to ON , not report only

  1. Sign in to the Azure portal as a Global Administrator, Security Administrator, or Conditional Access Administrator.
  2. Browse to Azure Active Directory > Security > Conditional Access.
  3. Select New policy.
  4. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
  5. Under Assignments, select Users or workload identities.
    1. Under Include, select Directory roles and choose built-in roles like:

      • Global Administrator
      • Application administrator
      • Authentication Administrator
      • Billing administrator
      • Cloud application administrator
      • Conditional Access Administrator
      • Exchange administrator
      • Helpdesk administrator
      • Password administrator
      • Privileged authentication administrator
      • Privileged Role Administrator
      • Security administrator
      • SharePoint administrator
      • User administrator
    1. Under Exclude, select Security GROUP 1 and  organization's emergency access or break-glass accounts.

  6. Under Cloud apps or actions > Include, select All cloud apps.
  7. Under Access controls > Grant, select Grant access, Require multifactor authentication, and select Select.
  8. Confirm your settings and set Enable policy to ON.
  9. Select Create to create to enable your policy.

 

Authentication methods

  1. Azure Active Directory > Security >  Authentication Methods

 Policies  -- all Methods disabled

Registration campaign -- disabled

 

 

 

 

  • TRD3000gt's avatar
    TRD3000gt
    Copper Contributor

    if it helps somebody else

    Found out the issue

     password reset policy

     

    Azure Active directory > Password rest

     

    I enabled the Mobile app 

     

     

Resources