IDEE
← External MFA Integration (M365)

πŸ” Troubleshooting Tip: EAM Not Showing as an Option

If users don't see your External Authentication Method (EAM) as a sign-in option, here's a quick fix to check!

πŸ›‘οΈ Tip 1: Configure a Conditional Access Policy for MFA

This ensures users are prompted for MFA, which is often required before the EAM option appears.

  1. Go to the Microsoft Entra Admin Center.

  2. Navigate to:
    Protection β†’ Conditional Access β†’ Policies

  3. Click + New policy.

  4. Give your policy a descriptive name (e.g., "Require MFA for EAM Users").

  5. Assignments > Users: Select the same group you added to your EAM configuration.

  6. Target resources: Select All resources (or choose specific apps for testing).

  7. Access controls > Grant:

    • Select Grant access

    • Check the box for Require multifactor authentication

    • Click Select

  8. Set Enable policy to On.

  9. Click Create.

Test it out! Have a user in the group log in. After entering their username and password, they should now see the EAM option. πŸ‘€

πŸ” Tip 2: Check Authentication Strengths Settings

If the EAM option is still missing, the authentication strength configuration might be blocking it.

  1. In the Entra Admin Center, go to:
    Protection β†’ Authentication methods β†’ Authentication strengths

  2. Find and click on Microsoft Authenticator.

  3. Click the Configure tab.

  4. Important: Ensure all options are set to Enabled instead of Microsoft Managed.

    • "Microsoft Managed" means Microsoft decides when to show the option, which can sometimes hide your EAM.

  5. Click Save.