Forum Discussion
MFA required Conditional Access
I have a conditional access policy (currently in report only mode) that will require MFA on all internal users. Microsoft originally instructed me to enabled MFA on all the users via the MFA admin c...
Because those are two separate sets of controls, and the per-user MFA setting "overrides" the CA policy. In your case, if users are always "enforced" for MFA, conditions such as location, application or group membership will be ignored. Well you do have the option to configure trusted IPs in the old MFA portal, but not the other conditions.
