cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Users asked for 2nd MFA method

Olf
Iron Contributor

‎May 03 2023 06:11 AM

‎May 03 2023 06:11 AM

Users asked for 2nd MFA method

Hi there,

starting today a couple of users reported that, seemingly out of the blue, they're being asked to configure a second method for their MFA setup. For example, if a user has configured to to use MSFT Authenticator app, he will be asked to provide an additional method. This doesn't seem to be widespread yet and we couldn't reproduce thus far.

 

Perhaps someone of you knows what could be causing this.

 

Thanks.

1,294 Views
0 Likes
3 Replies
Reply
3 Replies
Kidd_Ip

‎May 06 2023 09:53 PM

‎May 06 2023 09:53 PM

Re: Users asked for 2nd MFA method

@Olf 

Any changes from your tenant, like security defaults, conditional access and MFA?

1 Like
Reply
best response confirmed by Olf (Iron Contributor)
josequintino

‎May 07 2023 02:30 PM

‎May 07 2023 02:30 PM

Solution

Re: Users asked for 2nd MFA method

Hello @Olf
There are several reasons why users may be prompted to configure a second MFA method. Here are a few possible explanations:

1. Changes in security settings or policies: It's possible that an administrator recently updated the security settings or policies for your organization, requiring users to have a second MFA method configured. Check with your organization's administrators to see if any changes were made to the security settings.

2. Conditional Access policies: If your organization uses Azure Active Directory (Azure AD) and has set up Conditional Access policies, users might be prompted to provide additional authentication methods based on certain conditions (e.g., logging in from an unfamiliar location or device). Review your Conditional Access policies to see if any changes were made recently.

3. User settings: Users might have accidentally triggered the prompt for a second MFA method by changing their own security settings. Instruct the affected users to review their security settings and ensure they are correctly configured.

4. Software update: Microsoft occasionally rolls out updates to Azure AD and its security features. It's possible that a recent update has caused the prompt for a second MFA method. Keep an eye on the Azure AD release notes and announcements for any changes that could have affected MFA.

5. Potential security threat: If the prompt for a second MFA method is unexpected and cannot be traced back to any changes in policies or settings, it could be a sign of a potential security threat. In this case, it's essential to investigate the issue thoroughly and ensure that the affected users' accounts are secure.

To diagnose and resolve the issue, start by checking your organization's security settings and policies, as well as any recent changes to Azure AD or Conditional Access policies. If the problem persists, consider reaching out to Microsoft Support for further assistance.
1 Like
Reply
Olf

‎May 08 2023 12:19 AM

‎May 08 2023 12:19 AM

Re: Users asked for 2nd MFA method

Thanks. So it seems that two things were changed.
1. Number of auth methods when re-confirmation of methods is triggered (from one to two)
2. The number of days until asked to do so was decreased.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Olf (Iron Contributor)
josequintino

‎May 07 2023 02:30 PM

‎May 07 2023 02:30 PM

Solution

Re: Users asked for 2nd MFA method

Hello @Olf
There are several reasons why users may be prompted to configure a second MFA method. Here are a few possible explanations:

1. Changes in security settings or policies: It's possible that an administrator recently updated the security settings or policies for your organization, requiring users to have a second MFA method configured. Check with your organization's administrators to see if any changes were made to the security settings.

2. Conditional Access policies: If your organization uses Azure Active Directory (Azure AD) and has set up Conditional Access policies, users might be prompted to provide additional authentication methods based on certain conditions (e.g., logging in from an unfamiliar location or device). Review your Conditional Access policies to see if any changes were made recently.

3. User settings: Users might have accidentally triggered the prompt for a second MFA method by changing their own security settings. Instruct the affected users to review their security settings and ensure they are correctly configured.

4. Software update: Microsoft occasionally rolls out updates to Azure AD and its security features. It's possible that a recent update has caused the prompt for a second MFA method. Keep an eye on the Azure AD release notes and announcements for any changes that could have affected MFA.

5. Potential security threat: If the prompt for a second MFA method is unexpected and cannot be traced back to any changes in policies or settings, it could be a sign of a potential security threat. In this case, it's essential to investigate the issue thoroughly and ensure that the affected users' accounts are secure.

To diagnose and resolve the issue, start by checking your organization's security settings and policies, as well as any recent changes to Azure AD or Conditional Access policies. If the problem persists, consider reaching out to Microsoft Support for further assistance.

View solution in original post

1 Like
Reply