Forum Discussion
MFA Shows Disabled, But Being Used
Eddie78723 it is sorry to hit this point again. Even the users were set Disable in MFA set up but when user login, it still requires to MFA. Some users require to login without the MFA. How can we set it? I did both in Properties and Condition Access but it seemed not work. Thank you
I'm really sorry to flog a dead thread about this but I haven't seen anyone mentioning the MFA Registration Policy settings sitting under ID Protection
I'm unable to edit this, probably because I haven't subscribed to their Premium AD license and therefore am not permitted to make the necessary changes here.
I believe this is the root of the notifications but as I said, I'm not able to make changes here.
I've gone through all the comments here, security defaults are set to no, no CA policy created and this MFA Reg Pol is the only place I can see the policy being enabled.
- Thanks, this was it for me. It was not the Device MFA settings or the legacy setting or the CA. It was the Identity Protection
So after a few hours on the phone with Microsoft it was discovered that Self Service is the culprit. It is enabled for all users once you switch it to "None" it will not trigger MFA and allow users to logon without MFA challenge when MFA itself is disabled.
LibraryITGuy- this was a great help, I was going crazy with this login loop issue, I'm an admin as well as a user so I think since I was set for MFA automatically (?) this started acting up as soon as I migrated to Win 11 for some reason. Removing MFA on my login made no difference until I tried your solution.
Anyone trying this solution be aware it can take quite a few minutes to take effect.
