2 factor authentication require three steps in my office mail

Copper Contributor

Hello guys. I am one of the IT assistants of my company. So, Our company just bought Office 365 business plan and we set up two factor authentication methods. The problem is when we are setting up, there should be two steps only which is Microsoft Authenticator App and Phone number. But in some users, there are three step which is requesting extra email for that. It's happing to random users. So, the fact is that I want to make only two steps authentication methods, How can I do? 
Appreciate for all your contributed answers.

3 Replies
This presumably has to do with the fact that different authentication methods are enforced for SSPR and MFA. Can you confirm this?
Hi Hein, Is there a different conditional access policy enforced on different users? If you have a policy that requires a secondary email for some users, you may need to edit it to exclude those users from this requirement.

Below are the steps to review conditional access policies:

1: Access the Azure Active Directory (Azure AD) portal with appropriate administrative privileges.
2: Under "Security" in the left-hand navigation pane, go to "Conditional Access."
3: Review the existing Conditional Access policies to identify any policies that may be causing the prompt for an extra email.

I hope that will resolve the issue.



Please look into group membership of users as well as conditional access for next step