Applies to Product - Dynamics 365 Lifecycle Services
What’s happening?
Customers are experiencing concerns regarding the Multi-Factor Authentication (MFA) setup when logging into specific applications. The issue arises when MFA is not consistently required across different platforms, leading to confusion about its enforcement.
Reason:
The observed behavior is due to the design of MFA, which is intended to be required once per browser session upon logging in. This means that if a user logs into one application (e.g., SharePoint) and then accesses another application (e.g., Dynamics 365), they may not be prompted for MFA again during the same session.
Resolution:
- Verify that user authentication methods have been added and enabled. Refer to the documentation: Manage authentication methods for Microsoft Entra multifactor authentication - Microsoft Entra ID.
- Ensure that the per-user MFA status has been set to "Enforced." More details can be found in the documentation: Enable per-user multifactor authentication - Microsoft Entra ID.
- To confirm that users are set up for mandatory MFA, follow the steps outlined in the documentation: How to verify that users are set up for mandatory Microsoft Entra multifactor authentication (MFA) - Microsoft Entra ID.
- If users are still able to log in without being prompted for MFA after the initial authentication, consider implementing a conditional access policy to enforce MFA for all logins, including subsequent logins within the same session.
