Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Visitor 1

Security Defaults not asking MFA



normally we are using Conditional Access, but for one of our small customers without AD licenses, we have to use MFA within "Security Defaults".


We activated one user with "Per-User MFA" to show him how to register for MFA and configure Microsoft Authenticator and the next day we activated "Security Defaults".


When users opened Outlook next time they got asked to register for MFA. But after they registered they did not get asked again. Even when I login with user credentials of a registered user on my pc in a remote location - I don´t get asked for MFA.


If I check sign-in logs, I see only the one user with "per-user MFA" authenticating with MFA, but all other users with "single-factor authentication".


If i look in details of single factor authentication log, I see:

Policy state: Enabled
Result: Success


Any ideas?


Thank you,


Level 2 Contributor


Based on my experience the first thing I would do is reset Authentication on all users.



Visitor 1

Another thing to try is accessing the azure portal and see if MFA is required. Security defaults requires all users to register for MFA, but does not require MFA for all users, all the time, instead a user will be prompted for Multi-Factor Authentication, based on factors such as location, device, role and task.