Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-8978- Office 365 users receiving Azure MFA prompt at the Outlook client

1 August,17 at 04:44 PM

Applies to: Centrify Identity Service, App Edition

Issue:


After federating an Office 365 domain with Centrify, end users receive a Microsoft multi-factor authentication prompt at the Outlook client. A login authentication policy is not created at the Centrify Admin Portal.


Cause:


Azure Active Directory Conditional Access for SaaS apps and Azure AD connected apps lets you configure conditional access based on group, location, and application sensitivity. If a user has been configured using the per-user multi-factor authentication feature, this setting on the user will combine with the multi-factor authentication rules of the app. This means a user that has been configured for per-user multi-factor authentication will be required to perform multi-factor authentication even if they have been exempted from the application multi-factor authentication rules.


Resolution: 


Complete the following steps to disable or remove the user from the access rule:
  1. Sign in to the Azure classic portal Using an account that is a global administrator for Azure AD.
  2. On the left pane, select Active Directory.
  3. On the Directory tab, select your directory.
  4. Select the Applications tab.
  5. Select the application that the rule will be set for.
  6. Select the Configure tab.
  7. Scroll down to the access rules section. Select the desired access rule.
  8. Disable or remove the user from the access rule.


The following link is provided as a courtesy to explain in more detail.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azuread-connected-apps



For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or visit the Centrify Customer Portal at support.centrify.com

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.