Forum Discussion
Issue with two MFA . Disabling one MFA based on rules
Question is regarding authentication(s) in Azure AD for this set-up. To comply with security requirements customer has enabled MFA for their tenant and we have enabled MFA for our service hosted in o...
Hi veryConfused,
So If I understand your question correctly, and If I'm not, please correct me.
You have User A in Tenant A and Tenant B (I assume as a guest user)? If this is the case, then it's correct that you need to configure Azure MFA twice. The reason for this is straightforward; your (authentication) methods are configured per tenant. This means, if you have configured your Authenticator in Tenant A, it won't be synchronized to Tenant B since this is a Unique user per tenant.
If you receive an invite for another environment in the future, and they have configured Azure MFA as required, you should again configure MFA for this particular tenant.
I hope this isn't veryConfused ;-). And if you still need some help, please let me know.
yes , you understood the issue correctly. So I am more looking to what other alternatives I have? Can I do some kind of rules that will validate if users are coming from previous tenant and will disable MFA for my second tenant? or any other way?
You have some possibilities with Conditional Access, like including or excluding some guests users, but I wouldn't recommend you configure this. Like you stated yourself, "To comply with security requirements customer has enabled MFA for their tenant and we have enabled MFA for our service hosted in our subscription."
ChristianJBergstrom, Indeed I was aware of this, but same here. Not many details yet. Keep me posted 😉
ChristianJBergstrom, Indeed I was aware of this, but same here. Not many details yet. Keep me posted 😉
