Good morning community, 

Our tenant has two conditional access policies:

“Admins require MFA” (Microsoft default)”Require signing in again after 12 hours” (User specified) 

Here’s our current problem:

1. For the “Admin MFA” policy, for some reason some Global Admins have to enter MFA while others are never prompted. There is no distinction in configuration between users of these two groups. Our IT-Admin for example is being prompted, while Head of Controlling isn’t.

2. For our custom policy, again not all users are affected. For example, our many external users (distributors) are not affected by this policy and don’t require a re-sign in.

Are there any specific configurations I should be looking at? How should we proceed to fix these issues?

Thank you in advance for taking the time to answer.

​Good morning community,  Our tenant has two conditional access policies:”Admins require MFA” (Microsoft default)”Require signing in again after 12 hours” (User specified) Here’s our current problem:1. For the “Admin MFA” policy, for some reason some Global Admins have to enter MFA while others are never prompted. There is no distinction in configuration between users of these two groups. Our IT-Admin for example is being prompted, while Head of Controlling isn’t. 2. For our custom policy, again not all users are affected. For example, our many external users (distributors) are not affected by this policy and don’t require a re-sign in. Are there any specific configurations I should be looking at? How should we proceed to fix these issues? Thank you in advance for taking the time to answer.  Read More

​