Question

You distribute an email welcoming your pilot users and provide them with the URL for registering with the Azure MFA service. Users have reported they were successfully able to register for MFA. However, they are not being challenged for MFA when attempting to access SharePoint Online. You, on the other hand, are challenged for MFA each time you attempt to access SharePoint Online. What could be the cause of this issue?

Answer 1

The cause of this issue could be related to conditional access policies in Azure AD or user roles and permissions in SharePoint Online.

Step-by-step explanation:

The cause of this issue could be related to conditional access policies in Azure Active Directory (Azure AD). Conditional access policies allow administrators to control the conditions under which users are challenged for MFA. It is possible that the conditional access policy applied to your account requires MFA for accessing SharePoint Online, while the policy applied to the pilot users does not.

You can check the conditional access policies in Azure AD to verify this. If you find that the policy for your account is different, you can adjust it accordingly to align with the pilot users' policy.

Another possible cause could be the user roles and permissions in SharePoint Online. If the pilot users have been granted a higher level of access or have different roles, they may not be subject to the MFA challenge.