Forum Discussion

KingBear's avatar
KingBear
Copper Contributor
May 24, 2022

CBA, MFA, and AADSTS54008 Certificate is not supported as first factor

Greetings All,   I'm trying to get CBA MFA working for Azure AD, exchange online specifically, but I can't get past the following error:  AADSTS54008:  Multi-Factor authentication is required and t...
Azure Active Directory (AAD)
MFA
mikey365's avatar
mikey365
Brass Contributor
Aug 23, 2022

jroth710 

 

FYI it is misleading, but if you look at the Microsoft documentation on CBA, the only way to do MFA with a cert is to add a Policy O.I.D rule that checks for a value in your cert. The cert then acts as the first factor and second factor. There seems to be no other MFA options supported with CBA yet.

mikey365's avatar
mikey365
Brass Contributor
Aug 23, 2022

Also, if you you are getting that MFA sign in error regarding "first factor", and want it to work with CBA, you have to disable MFA enforcement at the user level and make sure they aren't included in any other conditional access policies that require MFA. Just make sure you have other user account protections such as additional Conditional Access Policies based on device or IP Range etc. 

  • AusSupport180's avatar
    AusSupport180
    Brass Contributor
    Nov 03, 2023
    So CBA not work with other CA enabled the MFA?