Hi @Jason Kowalczyk ,
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.
Issue:
In a tenant where Security Defaults were disabled, MFA was still being required for an Android user. Conditional Access was enabled, but the user was excluded from MFA. Yet the user was still prompted for MFA.
Resolution:
Setting Require Multi-Factor Authentication to register or join devices with Azure AD to No under Devices > Device settings resolved the issue. Turning off Security Defaults does not disable this setting, so users would still be prompted for MFA.
Let me know if this accurately describes your resolution and if you questions or run into any issues. Thank you again for your time and patience throughout this issue.
-
If the information provided accurately summarizes your solution, please consider Accepting the answer. This will help improve discoverability for others in the community who might be researching similar information.