[German]A quick question for the administrators responsible for Exchange Online and Microsoft 365 applications. I've just received an email from Alex saying that their users have had massive problems with Exchange Online "since today" because the Microsoft 365 applications suddenly require multifactor authentication via the Microsoft Authenticator app on a smartphone. It's ringing in the back of my mind "there was something".
Advertising
The problem description
Alex wrote in a mail with the subject Microsoft 365 2FA that they suddenly have massive issues with Microsoft Exchange Online in his company environment since today (28.3.2024). Their users are getting a prompt:
"Protect your account" Install the Microsoft Authenticator app on your smartphone.
In Microsoft Outlook, users then only see the message that only the password is required. Without the Microsoft Authenticator app, people will no longer receive emails and will no longer be able to send emails.
Alex checked and wrote: "In the Admin Center under Microsoft 365, all accounts are set to "Deactivated", but the prompt still appears." In Alex's company environment, the problem is that not every employee has a company cell phone and it is also not desired that employees set up 2FA on their private cell phone for the company address.
The reader wrote in a second email: "Same customer still forced an account to F2A, seems to be an Easter gift from Microsoft. As soon as F2A is set up, Outlook can be reconnected and you can continue working again. I'm curious to see if more will be added during the course of the day."
Others confirms this behavior
After I've published the German edition of this blog post, many administrators confirmed this observation. Others wrote, that Microsoft has begun to change its Conditional Access policies since a while, and new tenants can be affected.
Advertising
I had a blog post Microsoft moves tenant security standards in Azure AD to MFA by May 8, 2023 dealing with that topic. Also Microsoft has published the support article Security defaults in Microsoft Entra ID with the section "Enabling security defaults". The comments at my German blog post Microsoft 365/Exchange Online erzwingt plötzlich MFA per Microsoft Authenticator-App has many comments from affected administrators describing side effects and also some solutions.
