Under authenticators, I’ve activated the security question as recovery only and set it as required under the enrollment default policy. Nonetheless, when a user receives an activation email, the security question only shows as optional after the password has been set by the user.
I tried modifying the password’s default policy rule to have the additional verification as “Only security question”, but it keeps showing as optional.
How can I achieve the security question to be prompted as required when a user receives the activation email?
check out these two docs about MFA and Recovery, they should provide some inisght:
It sounds like you have configured the security question to be required during enrollment but are experiencing issues with it not being required during activation. Ensure that the activation flow is correctly set up to prompt the user for the security question before activating the account. Then Test the activation process to see if the security question is being prompted as required. If it is not, you may need to check your default policy settings again or adjust the activation flow. We at Triotech Systems make sure each of these are done step by step to avoid any hindrances.