The original post: /r/cybersecurity by /u/tech_london on 2024-07-04 14:50:48.

Has anyone observed any inconsistencies with the MFA enforcement under Microsoft 365’s security defaults? In some cases, users can log in without being prompted for MFA, especially when using test accounts on VMs or sandboxes. Despite having security defaults turned on, these logins sometimes bypass MFA.

I know that conditional access policies offer a more reliable solution, but not everyone opts for them. I’m curious if others have faced similar issues and if there are specific factors, like logins from the same public IP address, that might cause MFA not to be triggered. Even with a VM or different physical device, it seems MFA should still be required. Has anyone else encountered this problem?