We've provided YubiKeys to our admin users for their accounts, but they're still being prompted to set up Microsoft Authenticator when they log in. I've reviewed the Conditional Access policies and can't find anything that might be causing this issue. Any suggestions on how to resolve it?
5 Answers
Have you looked into the MFA registration campaign? It may require the admins to go through a self-service password reset process, which could be triggered by the current settings.
They need to set up multi-factor authentication (MFA) before they can use the YubiKeys as a primary method. It’s important to complete that setup first.
Double-check your registration campaign settings. Sometimes there might be a misconfiguration that forces the use of Microsoft Authenticator even when YubiKeys are set up.
While you could create a policy to bypass MFA for those admins and require only YubiKey authentication, that sounds like a hassle. It might be easier just to have them set up MFA and use the YubiKey alongside it.
You should ensure the completion of the Authentication Methods migration. That often resolves issues like these. Check out the Microsoft documentation for guidance on this.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures