Users being prompted for MFA only for Dynamics ERM

jamiecw 0 Reputation points
2024-09-10T02:26:32.1533333+00:00

A company we manage is having issues for users getting prompted for MFA every time they open Dynamics ERM.

A conditional access policy is in place with 30 day periodic sign in frequency which the users are selecting to be 'Don't ask for 30 days' but prompts are still coming through.

Devices have WHFB and SSO and every other MS application they use reflects this as well.

IP's of the locations the users are based are in named locations.

The only reason we see the CA policy prompting is Windows Sign in (Windows Hello for Business) is failing with the following error:

Sign-in error code - 1400001 | Failure reason: Request nonce is not provided.

Users are having no issues with Facial recognition or PIN log in and I can't find any info on the error code so if anyone can assist that would help alot.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,114 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Raja Pothuraju 7,990 Reputation points Microsoft Vendor
    2024-09-17T15:23:21.7133333+00:00

    Hello @jamiecw,

    Thank you for posting your query on Microsoft Q&A.

    From your description, it seems that your organization’s users are experiencing MFA prompt every time when accessing Dynamics ERM application.

    Given the policy details you shared, I see that you have set the sign-in frequency to 30 days in your conditional access policy. Unexpected MFA prompts can occur when the "Sign-in Frequency" and "Remember MFA on trusted devices" settings are enabled in your tenant. For more information, please refer to the document on Configuring authentication session controls

    User's imageSince MFA prompts are not expected behavior, please check whether the "Remember MFA on trusted devices" setting is enabled. You can verify this by navigating to Microsoft Entra ID >> Users >> Per-User MFA >> Service Settings, or by logging into this page: https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx

    User's image

    If "Remember MFA on trusted devices" is enabled, try disabling it and observe if the issue persists. If that didn't resolve your issue, please let me know.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    Thanks,
    Raja Pothuraju.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.