cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

MFA says enabled but user is using MFA

John Twohig
Iron Contributor

‎Jul 13 2022 10:27 AM

‎Jul 13 2022 10:27 AM

MFA says enabled but user is using MFA

My understanding was that if O365 said that MFA was enabled for a user then that user would be required to register for MFA and, once they completed that process, their status would change from enabled to enforced.

 

I just noticed a user with a status of enabled who has been signing in for months with MFA. Every signin says the Authentication Requirement is Multifactor Authentication. 

 

Why does his status not say enforced?

Labels:
1,122 Views
0 Likes
4 Replies
Reply
4 Replies
Vasil Michev

‎Jul 13 2022 10:45 PM

‎Jul 13 2022 10:45 PM

Re: MFA says enabled but user is using MFA

Enabled/enforced only applies to the old per-user MFA controls. If MFA is being enforced via CA policy (or anything else), the user will have to complete MFA challenge regardless of what the per-user status is. Checking the details within the Azure AD sign-in logs entry will give you a clue as to why MFA was required.
0 Likes
Reply
John Twohig

‎Jul 14 2022 06:44 AM

‎Jul 14 2022 06:44 AM

Re: MFA says enabled but user is using MFA

There are no Conditional Access policies for MFA so, if the requirement isn't coming from the "old per-user" controls, which is where I thought it was always coming from, then where else could it come from?

I don't see much difference between this user's sign-in logs and others. However, it does say that he uses Windows Hello for Business and others don't.
0 Likes
Reply
best response confirmed by John Twohig (Iron Contributor)
Vasil Michev

‎Jul 14 2022 11:38 PM

‎Jul 14 2022 11:38 PM

Solution

Re: MFA says enabled but user is using MFA

That's likely because the user is on a Azure AD joined device and leveraging the PRT to login - this method always counts as second-factor.
0 Likes
Reply
John Twohig

‎Jul 18 2022 07:17 AM

‎Jul 18 2022 07:17 AM

Re: MFA says enabled but user is using MFA

@Vasil Michev 

 

Yes. He is one of the few users we have whose laptop is managed by Intune and Azure AD joined. 

Thanks

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by John Twohig (Iron Contributor)
Vasil Michev

‎Jul 14 2022 11:38 PM

‎Jul 14 2022 11:38 PM

Solution

Re: MFA says enabled but user is using MFA

That's likely because the user is on a Azure AD joined device and leveraging the PRT to login - this method always counts as second-factor.

View solution in original post

0 Likes
Reply