Question: A new tenant has been created and upon first time login to the admin portal, there are MFA prompts, but MFA has not been configured yet. Is this normal?
Answer: Yes, this is expected behavior. This was implemented as an added security measure. MFA can be turned off by disabling the Default Policy if desired.
Question: It has also been noticed that if an attempt to login to the admin portal by a user who is not existing in the system is also requiring MFA. Is this also expected?
Answer: Yes, this is expected. This helps to prevent attackers from determining if a username is valid.