I'm having trouble with a user getting stuck in an endless MFA prompt after signing in to a remote device configured for hybrid Windows Server 2022. The test user doesn't have any Conditional Access policies applied and can log in without issues. However, another user, who has passwordless authentication and push notification-based MFA set up, keeps facing this endless MFA challenge. What steps can I take to resolve this issue?
4 Answers
It might be worth testing by excluding the problematic user from all Conditional Access policies, then gradually adding them back one by one. Sometimes, having multiple policies that both require MFA but evaluate differently can trap users in an MFA challenge loop.
Make sure to double-check that the proper licensing is assigned to the test user. Sometimes the licensing mix-up can cause MFA issues.
Have a look at the Conditional Access policies affecting that user by checking the sign-in logs in Entra or using the What-if tool to see which policies are applied specifically to them.
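One way to do the sign-in log check described above from PowerShell, as an added example that is not from any of the answers: it uses the Microsoft Graph PowerShell SDK to pull the affected user's recent sign-ins and list which Conditional Access policies actually applied, which MFA method was used, and any error code, so a policy that repeatedly enforces MFA for the same app on the same device stands out. The UPN, the 24-hour window and the grant-control name matched (`Mfa`) are placeholders or assumptions.

```powershell
# Added example (not from the thread). Requires the Microsoft.Graph module and a
# role that can read sign-in logs. Replace the placeholder UPN below.
Connect-MgGraph -Scopes "AuditLog.Read.All", "Directory.Read.All"

$upn   = "user@example.com"   # placeholder: the user stuck in the MFA loop
$since = (Get-Date).AddHours(-24).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")

# Interactive sign-ins for this user in the last 24 hours (assumed window)
$signIns = Get-MgAuditLogSignIn -Top 100 `
    -Filter "userPrincipalName eq '$upn' and createdDateTime ge $since"

# One row per sign-in: app, device trust type, CA outcome, MFA method, error code,
# and the policies that actually applied (ignoring 'notApplied' / report-only ones).
$signIns | ForEach-Object {
    $applied = $_.AppliedConditionalAccessPolicies |
        Where-Object { $_.Result -in @("success", "failure") }
    [PSCustomObject]@{
        Time      = $_.CreatedDateTime
        App       = $_.AppDisplayName
        Device    = $_.DeviceDetail.DisplayName
        TrustType = $_.DeviceDetail.TrustType        # hybrid-joined RDP host vs. client
        CAStatus  = $_.ConditionalAccessStatus
        AuthReq   = $_.AuthenticationRequirement     # singleFactor vs multiFactorAuthentication
        MfaMethod = $_.MfaDetail.AuthMethod          # e.g. push notification, passkey
        Error     = $_.Status.ErrorCode
        Policies  = ($applied | ForEach-Object {
            "$($_.DisplayName) [$($_.Result): $($_.EnforcedGrantControls -join ',')]"
        }) -join "; "
    }
} | Format-Table -AutoSize

# Which policies are the ones repeatedly enforcing MFA? A single policy name
# appearing on every sign-in to the same app is the usual sign of the loop.
$signIns | ForEach-Object { $_.AppliedConditionalAccessPolicies } |
    Where-Object { $_.Result -eq "success" -and ($_.EnforcedGrantControls -match "Mfa") } |
    Group-Object DisplayName | Sort-Object Count -Descending |
    Select-Object Count, Name
```

Run the same script with the working test user's UPN and compare the `Policies`, `TrustType` and `MfaMethod` columns; the policy names that differ between the two users are the ones to exclude first when narrowing the loop down.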
You may want to check if passkey is enabled for the users facing issues. It sounds like some of your test users have it, but others might not, which could complicate their access.
