question

filipgoris avatar image
0 Votes"
filipgoris asked KomoroskeGina-5094 commented

MFA automatically enabled on Azure AD B2C tenant

I recently added an Azure AD B2C tenant to an existing subscription.

Whenever I want to manage that tenant on portal.azure.com, I have to verify my account:

MFA

After clicking Next I can only select Mobile app from the dropdown to verify my account. There is no option to verify by phone.

Since this tenant is new, I first have to register it in Microsoft Authenticator by selecting Set up:

Additional Security Verification

This brings up an error message without Correlation ID or timestamp:

Mobile app configuration unavailable

There are no Conditional Access policies. In fact, I cannot dis-/enable MFA since this tenant does not have Azure AD Premium. Nor does the Azure AD tenant holding the subscription from which this AD B2C tenant was created.

Conditional Access Policies

MFA is only required when trying to manage the AD B2C tenant through portal.azure.com, not on other applications

Questions:

  • How can I disable MFA for this AD B2C tenant? And why was it enabled in the first place?

  • If MFA cannot be disabled, how can I register my device or phone number?

Thx,


azure-ad-b2cazure-ad-multi-factor-authentication
mfa-2.png (40.9 KiB)
mfa-3.png (37.9 KiB)
mfa-4.png (48.4 KiB)
mfa-1.png (16.8 KiB)
· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

M2-9090 avatar image M2-9090 ·

We're experiencing a very similar scenario with a new vanilla non-profit tenancy. Getting the same enforced requirement to setup for every single user even though there's no CA or MFA configured (although our case it's restricted to text mesage only). Turning off Security Defaults doesn't appear to make any difference. Having spent the better part of today online with Azure support, they've basically given up!

0 Votes 0 ·
KomoroskeGina-5094 avatar image KomoroskeGina-5094 ·

Hello -
This same issue just started happening on my B2C tenant. I created it on Monday of this week, and it was 'normal,'
meaning it did NOT require MFA to log into the portal.

Now, suddenly, yesterday when I logged into the portal, it required me to register and use MFA. Same issue as noted above. How did it suddenly turn on? How do I turn it off?

Thanks in advance for any help!
Gina

0 Votes 0 ·

2 Answers

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered KomoroskeGina-5094 commented

@filipgoris Looks like this is happening because of Security defaults in your tenant. To check if Security defaults are enabled, navigate to:

Azure Portal > Azure AD > Properties > Click on manage security defaults link

Note: For tenants created on or after October 22nd, 2019, it’s possible you are experiencing the new secure-by-default behavior and already have security defaults enabled in your tenant.

Refer to https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults for more details.

Please "Accept as answer" wherever the information provided helps you to help others in the community.

· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

filipgoris avatar image filipgoris ·

This indeed turned out to be the cause.
See this issue on stackoverflow for more info.


0 Votes 0 ·
KomoroskeGina-5094 avatar image KomoroskeGina-5094 ·

That was it! Thanks so much!
Gina

0 Votes 0 ·
FrankHuMSFT-4825 avatar image
0 Votes"
FrankHuMSFT-4825 answered

Hey @filipgoris this doesn't sound right and it looks like there must be some sort of issue going on here.


If you're still having an issue here, please email AzCommunity[at]microsoft[dot]com and I can enable a one time free support ticket. Please provide your Azure Subscription GUID and a reference to this thread. And hopefully we can get you on the right path again soon. 

Please see : https://blogs.msdn.microsoft.com/mschray/2016/03/18/getting-your-azure-subscription-guid-new-portal/

On how to get a subscription GUID.

In addition to that once you are able to resolve your issue with the support engineer, please post your response on this thread so that future readers will be able to benefit from your solution. 

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.