After federating an Office 365 domain with Centrify, end users receive a Microsoft multi-factor authentication prompt at the Outlook client. A login authentication policy is not created at the Centrify Admin Portal.Cause:
Azure Active Directory Conditional Access for SaaS apps and Azure AD connected apps lets you configure conditional access based on group, location, and application sensitivity. If a user has been configured using the per-user multi-factor authentication feature, this setting on the user will combine with the multi-factor authentication rules of the app. This means a user that has been configured for per-user multi-factor authentication will be required to perform multi-factor authentication even if they have been exempted from the application multi-factor authentication rules.Resolution:
Complete the following steps to disable or remove the user from the access rule:
- Sign in to the Azure classic portal Using an account that is a global administrator for Azure AD.
- On the left pane, select Active Directory.
- On the Directory tab, select your directory.
- Select the Applications tab.
- Select the application that the rule will be set for.
- Select the Configure tab.
- Scroll down to the access rules section. Select the desired access rule.
- Disable or remove the user from the access rule.
The following link is provided as a courtesy to explain in more detail.https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azuread-connected-apps
For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help
or visit the Centrify Customer Portal at support.centrify.com