Forum Discussion
Staged Rollout to Passthrough changing users MFA methods
Hi, I am in the process of helping a customer migrate their ADFS relying parties to AAD and also migrating their users to passthrough auth from federated. We have had instances from around 10-20% o...
Hi, I think wires are crossed due to the mention of not wanting to use the SMS method.
The core issue is that some users who have previously configured app notification in Azure MFA, when enabled for PTA staged rollout are then changed to SMS, as if their MFA is reset or rolled back.
The audit logs are clear as mud but possibly its showing an update to the strongauthenticationmethods for some of these users by AD connect.
The core issue is that some users who have previously configured app notification in Azure MFA, when enabled for PTA staged rollout are then changed to SMS, as if their MFA is reset or rolled back.
The audit logs are clear as mud but possibly its showing an update to the strongauthenticationmethods for some of these users by AD connect.
Hi Peter,
The issue you currently dealing with was clear to me. Excuse me If it looked like it didn’t.
I am wondering if the value for strong authentication changes when adding someone to the staged rollout group. Could you try to run the below Powershell before and after the user gets added to the group and check the differences in the values?
Connect-MsolService
$User = Get-MSolUser -UserPrincipalName user@domain.com
$User.StrongAuthenticationMethods
The issue you currently dealing with was clear to me. Excuse me If it looked like it didn’t.
I am wondering if the value for strong authentication changes when adding someone to the staged rollout group. Could you try to run the below Powershell before and after the user gets added to the group and check the differences in the values?
Connect-MsolService
$User = Get-MSolUser -UserPrincipalName user@domain.com
$User.StrongAuthenticationMethods