why do multiple users show disabled mfa, but are still prompted for mfa?

Bedford, Jeana X 0 Reputation points
2023-08-29T20:28:34.7433333+00:00

I have conditional access policies setup, that enforce Mfa for most users, and users are being prompted for Mfa as required. But in the Admin Center all of the users show a disabled status. Please explain why this is happening .. and how can it be corrected , and i would like to run reports to verify the true status of Mfa activity.

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,954 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Domooney-MSFT 2,566 Reputation points Microsoft Employee
    2023-08-30T10:42:08.7333333+00:00

    Hi @Bedford, Jeana X ,

    Thank you for posting your query on Microsoft Q&A.

    The portal you are referring to which is linked to the admin centre is actually a legacy per-user MFA setting, which is required to be disabled when you are using Conditional Access, we have a matrix here highlighting the differences between Conditional Access vs per-user MFA - https://video2.skills-academy.com/en-us/azure/active-directory/authentication/concept-mfa-licensing#compare-multi-factor-authentication-policies

    You can get an insight into MFA usage / registration via the "Usage & Insights" portal in Azure AD here - https://portal.azure.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AuthMethodsActivity

    Do let me know if you have any further questions, I would be happy to help!

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.