nikokre
Copper Contributor
Aug 08, 2024

Only some users are affected by CA policies (MFA and custom)

Good morning community,

Our tenant has two conditional access policies:

  • "Admins require MFA" (Microsoft default)
  • "Require signing in again after 12 hours" (User specified) 

Here's our current problem:

1. For the "Admin MFA" policy, for some reason some Global Admins have to enter MFA while others are never prompted. There is no distinction in configuration between users of these two groups. Our IT-Admin for example is being prompted, while Head of Controlling isn't.

2. For our custom policy, again not all users are affected. For example, our many external users (distributors) are not affected by this policy and don't require a re-sign in.

Are there any specific configurations I should be looking at? How should we proceed to fix these issues?

Thank you in advance for taking the time to answer.

  • micheleariis
    Steel Contributor
    Hi, can you give us a screenshot of the 2 configurations?
    Are there any exclusions by network\device?
    • nikokre
      Copper Contributor
      I fixed the 2nd one. For the 1st, everything is on default Microsoft configuration.
      • micheleariis
        Steel Contributor
        You don't happen to have another policy where MFA is required and there are exceptions inside for device\network?