We've provided YubiKeys to some of our admin users for their accounts, but they're still being prompted to set up Microsoft Authenticator upon login. I've checked the Conditional Access policies and can't find anything that would explain this behavior. Does anyone have insights or suggestions to resolve this?
5 Answers
Also, check if there’s a registration campaign active. Sometimes Microsoft manages these for MFA registration, and that could be causing the prompts.
You know, you could technically set up a Conditional Access policy to exclude those admins from MFA, allowing only YubiKey authentication. But honestly, setting up MFA might be simpler in the long run. I use my YubiKey along with MFA daily, and it works great!
Have you finished the Authentication Methods migration? It’s worth checking out the documentation to see if that’s affecting the setup: https://learn.microsoft.com/en-us/en.../authentication-methods-manage
Absolutely, look into the MFA Registration campaign or consider if there’s a Self Service Password Reset in place. Those settings might be affecting the YubiKey setup.
Before admins can use their YubiKeys, they need to set up Multi-Factor Authentication (MFA). Make sure they go through that process first!
Is your YubiKey set as the default authentication method? These admins don't have work devices for Microsoft Authenticator, but if the YubiKey is the default, that should work fine.