Azure MFA requirement


  • Microsoft 365 is federated through Okta
  • MFA token claim is being passed from Okta to Azure (enabled)
  • We have an Azure conditional access policy to require re-authentication every 1 hr (session) with MFA
  • We have Okta’s M365 app authentication policy to authenticate on every sign-in attempt (to pass the MFA claim to Azure)

Sometimes, when the hour passes, if the user (admin) is working in M365 Admin Center, Azure will ask the user to reauthenticate with Okta. The user will then MFA but then they find themselves in an infinite loop.

Is it necessary to have MFA required on the Azure end? Has anyone configured M365 tenants to leave MFA off but just use Okta MFA?