2 users (only) do not receive Microsoft MFA challenge?
I have just been through the adding of Microsoft Authenticator to the 2 without MFA and completed the check provided during the process, which worked fine. However, whenever they try to log in to the outlook.portal.com cloud access to email or use Outlook, they still do not receive the MFA challenge.
Can anyone advise what we need to check to get this working?
Many thanks
ASKER
Thank you. I don’t particularly want the MFA challenge at every login, but when I log in as one of the problem users from my office, there is no challenge. I did not think that was normal?
As I said, the initial config went through OK, but I just wanted to be sure it's set up correctly as I am due to go away for 2 weeks, which is when the enforcement was set to be activated. Don’t want any problems while I am away.
Any advice appreciated.
Thanks
ASKER
Many thanks.
I will try the link provided.
I have just been contacted by one of the users that was working OK and he gets the MFA challenge on his PC, but now the Authenticator does not pop up on his phone.
Is there a routine where I can check the settings for each user and is there anything that controls the notification popping up on the mobile app?
Many thanks
Hello, if you have Azure AD, you can access more detailed controls by navigating to entra.microsoft.com and selecting the "Identity" tab, then go to "Users" and click on "All Users." Locate the user you're investigating and click on their name. On the left side under "Manage," open the "Authentication methods" section to view the devices registered for that user, which can aid in troubleshooting. At the top of that page, you should find an option to "View Authentication methods policy." Click on that link, and next to the Microsoft Authenticator method, you can access the settings configured for that specific authentication method.
Notifications are controlled on the mobile device side; make sure they're turned on therein and also check "battery optimization" or similar settings that allow the app to run in the background. In any case, the user can always open Authenticator manually and refresh therein.
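A scripted version of the per-user "Authentication methods" check described in the answer above, added here as an example and not part of the original thread. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in admin can consent to the `UserAuthenticationMethod.Read.All` scope; the UPNs are constructed placeholders.

```powershell
# Added example: report which sign-in methods each user has registered.
# Assumption: Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
Connect-MgGraph -Scopes 'UserAuthenticationMethod.Read.All' | Out-Null

# Constructed placeholder UPNs; replace with the users being investigated.
$upns = 'user1@contoso.example', 'user2@contoso.example'

# Graph type name for a registered Microsoft Authenticator app.
$authenticatorType = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod'

$report = foreach ($upn in $upns) {
    try {
        $methods = @(Get-MgUserAuthenticationMethod -UserId $upn -ErrorAction Stop)
    }
    catch {
        # Unknown user, missing permission, etc.: record it and move on.
        [pscustomobject]@{
            User                 = $upn
            Methods              = "lookup failed: $($_.Exception.Message)"
            HasAuthenticator     = $null
            AuthenticatorDevices = ''
        }
        continue
    }

    # Short method names, e.g. passwordAuthenticationMethod.
    $types = $methods | ForEach-Object {
        $_.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
    }

    # Authenticator registrations; displayName is the phone's name.
    $apps = @($methods | Where-Object {
        $_.AdditionalProperties['@odata.type'] -eq $authenticatorType
    })

    [pscustomobject]@{
        User                 = $upn
        Methods              = ($types | Sort-Object -Unique) -join ', '
        HasAuthenticator     = $apps.Count -gt 0
        AuthenticatorDevices = ($apps | ForEach-Object {
            $_.AdditionalProperties['displayName']
        }) -join ', '
    }
}

$report | Format-Table -AutoSize -Wrap
```

A user who shows `HasAuthenticator` as `True` has the app registered; whether a challenge is actually issued at sign-in is decided separately by the tenant's MFA enforcement settings.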
ASKER
Can't see a view option or anything to do with Authenticator??
ASKER
Very helpful, thank you 😊👍
Being registered for MFA doesn't mean you will be prompted for it, at least not on every login. There can be a variety of reasons why users are being prompted, depending on the set of features/licenses within your tenant. If you do want users to be prompted every time, you can configure the per-user MFA control to "enforced": https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userstates