I'm managing a couple of Microsoft Entra tenants, many of which are currently using security defaults. Recently, we licensed some users for Entra ID P1 to gain access to conditional access policies and other features. However, after enabling MFA for our test users through Conditional Access, some users got stuck in an MFA loop. Did I overlook something important?
5 Answers
If you're starting fresh with a client, I'd recommend considering passkeys instead of the traditional Authenticator app for a smoother user experience.
Have you tried re-registering MFA after enabling the conditional access policies? Admins can force re-registration from the Entra portal, which helped resolve the issue for us during testing.
Make sure to use the "REPORT ONLY" feature at the bottom of the setup. It allows users to log in and see what conditional access would have applied without actually enforcing any changes.
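An added example, not part of the original answers: once a policy is in report-only mode, the sign-in logs record what it would have done to each user. The sketch below tallies those results per policy from records shaped like Microsoft Graph `signIn` objects; the sample records, user names and policy names are constructed.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of exported Microsoft Graph signIn records.
SAMPLE_SIGNINS = json.loads("""
[
  {"userPrincipalName": "alice@example.com",
   "appliedConditionalAccessPolicies": [
     {"displayName": "Require MFA - pilot", "result": "reportOnlySuccess"}]},
  {"userPrincipalName": "bob@example.com",
   "appliedConditionalAccessPolicies": [
     {"displayName": "Require MFA - pilot", "result": "reportOnlyInterrupted"}]},
  {"userPrincipalName": "bob@example.com",
   "appliedConditionalAccessPolicies": [
     {"displayName": "Require MFA - pilot", "result": "reportOnlyInterrupted"}]},
  {"userPrincipalName": "carol@example.com",
   "appliedConditionalAccessPolicies": [
     {"displayName": "Require MFA - pilot", "result": "reportOnlyFailure"}]},
  {"userPrincipalName": "dave@example.com",
   "appliedConditionalAccessPolicies": [
     {"displayName": "Block legacy auth", "result": "success"}]}
]
""")


def summarize_report_only(signins):
    """Group report-only outcomes by policy name.

    reportOnlyFailure     -> user would have been blocked if enforced
    reportOnlyInterrupted -> user would have been prompted (e.g. for MFA)
    reportOnlySuccess     -> sign-in already satisfied the policy
    """
    summary = defaultdict(
        lambda: {"would_fail": set(), "action_required": set(), "satisfied": 0})
    for signin in signins:
        user = signin.get("userPrincipalName", "<unknown>")
        for policy in signin.get("appliedConditionalAccessPolicies") or []:
            result = policy.get("result", "")
            if not result.startswith("reportOnly"):
                continue  # enforced or disabled policy, not part of the pilot
            entry = summary[policy.get("displayName", "<unnamed>")]
            if result == "reportOnlyFailure":
                entry["would_fail"].add(user)
            elif result == "reportOnlyInterrupted":
                entry["action_required"].add(user)
            elif result == "reportOnlySuccess":
                entry["satisfied"] += 1
    return dict(summary)


if __name__ == "__main__":
    for name, stats in summarize_report_only(SAMPLE_SIGNINS).items():
        print(name, stats)
```

Users listed under `would_fail` or `action_required` are the ones to check for registered authentication methods before switching the policy from report-only to on.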
It sounds like you might have enabled persistent phishing multi-factor authentication, which often requires additional configuration. I'd recommend checking that setting to see if that's causing the loop.
Also, don’t forget to set up the authentication methods correctly. It's super important for smooth MFA operation.
