hi team, what if a user's MFA status is "disabled" however in the PIM role setting, the activation is set to "required MFA". what will happen when the user is trying to activate the eligible assignment.
hi team, what if a user's MFA status is "disabled" however in the PIM role setting, the activation is set to "required MFA". what will happen when the user is trying to activate the eligible assignment.
PIM takes precedence and will override any other MFA settings, so that is expected behavior. Enabled/enforced/disabled doesn't matter to any of the Azure AD features since it's intended for per-user MFA.
@SimonLi-9212
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
5 people are following this question.