Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,450 questions
Turn off MS authenticator for admin accounts - use alternate 2fa provider instead
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 46%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
Mike Cohen
0
Reputation points
WE have configured DUO as our 2fa External authentication method in entra. When our o365 users login they are prompted to select DUO as an auth provider and are then are able to login to duo. Standard users work fine.
Any user that is an office 365 admin is first prompted to use thems authenticator, they must then select "I can't use my Microsoft Authenticator app right now" to be given the option to use DUO as a 2fa provider which will work when selected.
We have set the microsoft managed conditional access policy
Multifactor authentication for admins accessing Microsoft Admin Portals
to "off" and our admin users are covered by our active 2fa DUO conditional access policy so 2fa is effectively enabled for these users.
How do we turn off the initial request to use MS authenticator when an o365 admin logs in . We have 2fa properly setup using EAM with DUO including for our tenant admin accounts.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Akhilesh 8,950 Reputation points Microsoft Vendor2024-09-19T16:53:53.4333333+00:00 Hi @Mike Cohen
Thank you for reaching Microsoft Q&A forum!
If I understand correctly, you have configured the DUO for 2FA but when users sign in it is prompted and directed to Microsoft authenticator app not the DUO and you are selecting, I can't use my Microsoft Authenticator app right now" to be given the option to use DUO as a 2fa provider which works.
Since you have managed the conditional access policy, may I know have you create the custom controls for DUO MFA if yes have you select the RequireDUOMfa custom controls in the Access control baled of your conditional access policy?
For more information I suggest you go through the document and video Duo Two-Factor Authentication for Microsoft Entra ID (formerly Azure Active Directory)
Sign in to comment
Sign in to answer