Turn off MS authenticator for admin accounts - use alternate 2fa provider instead
WE have configured DUO as our 2fa External authentication method in entra. When our o365 users login they are prompted to select DUO as an auth provider and are then are able to login to duo. Standard users work fine.
Any user that is an office 365 admin is first prompted to use thems authenticator, they must then select "I can't use my Microsoft Authenticator app right now" to be given the option to use DUO as a 2fa provider which will work when selected.
We have set the microsoft managed conditional access policy
Multifactor authentication for admins accessing Microsoft Admin Portals
to "off" and our admin users are covered by our active 2fa DUO conditional access policy so 2fa is effectively enabled for these users.
How do we turn off the initial request to use MS authenticator when an o365 admin logs in . We have 2fa properly setup using EAM with DUO including for our tenant admin accounts.