I enabled MFA on my local account in Azure AD B2C using "Per-user multifactor authentication", then I tried to log in with my local account, but I am getting an invalid username and password. Ideally, it should ask for phone verification and allow the user to log in.
Followed the below steps to enable MFA on local Azure AD B2C users.
- Go to the Azure AD B2C tenant.
- Go to Users.
- Go to Per-user multifactor authentication, searched for the user and enabled MFA.
- Started seeing the below error.
- Same behavior when enforcing MFA.
- The user has phone details added to the authentication method.
- Also used the updated custom policy changes as per this documentation.
When I disable the user, I am able to log in properly with that account.
Sign-in logs show the below details (it varies with the timing of the errors):
Failure reason
Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '{identifier}'.
Additional Details
Either a managed user needs to register security info to complete multi-factor authentication, or a federated user needs to get the multi-factor claim from the federated identity provider. There could be multiple things requiring multi-factor, e.g. Conditional Access policies, and per-user enforcement, requested by the client, among others.
Please let me know if there are any other steps I am missing.
I appreciate feedback and input to correct the errors.