Problem:
Setting up DUO – External Authentication Method (EAM) and modifying the related Conditional Access Policy, users attempting to login to the Admin Portal using a global admin account, were repeatedly prompted to register MFA methods
Solution:
Reviewed contional access policies
- Modifying Security Groups: Added a security group for Global Admin and included the 365 email.
- Turning on Default Authentication Methods, excluding the Duo group but including the Global Admin group.
- Duo Policy was adjusted by excluding the Global Admin group.
Notes:
To resolve the issue and allow Global Admins to log in without any issues, the Multifactor Authentication for Admins policy was turned on as per Microsoft’s recommendation.
After making these changes to the policies, the issue was resolved, and authentication methods now work correctly for the Global Admin account.