MFA - authentication failing to work

Question

We've got an issue where authentication suddenly stops working (seems to affect any methods registered for affected users). When they try to authenticate they get the message that 'Your sign-in was successful, but does not meet the criteria to access the resource'. No changes have been made to the MFA policies, and many of these users / devices have been authenticating with no problem for many months.

I have found that deleting all the MFA methods for the user in Azure AD and getting them to re-register seems to work (in the case of one user, it failed again after a few days and required the same treatment again). Has anyone come across this issue? Can't currently see any clear cause - and given that re-enrolling the authentication device always works, it would appear not to be an issue with the MFA policies.

Thanks

davidyorkshire · Answer

Thanks - have checked now and they are not enabled.

davidyorkshire · Answer

I've had a ticket open for a few days - Microsoft are not being very helpful!

christianjbergstrom · Answer

This is most likely happening due to conditional access policies being introduced. If not CA, someone could possibly have turned on Security defaults.

https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

davidyorkshire · Answer

Thanks, but I'm 99% sure there have been no new policies or changes to the settings - only two of us are sysadmins and we are sure that we've not touched those settings for months.

Unless MS has introduced some changes and enabled them by default?

christianjbergstrom · Answer

Have a look? https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#enabling-security-defaults

Forum Discussion

MFA - authentication failing to work

6 Replies