Target
Customers who have configured a federated connection between Microsoft 365 and Access Control via the Access Control admin console, following the steps outlined in the article below.
[Access Control] Federation Connection Process with Microsoft 365
Notes
- Customers who have configured their federated connection using PowerShell commands are not eligible.
- This feature will be enabled for all tenants, and it cannot be enabled or disabled from the admin console of individual tenants.
Contents
Starting from the third week of April 2026, a new feature will be released in Access Control that skips Microsoft 365 multi-factor authentication (MFA) even when MFA is configured on the Microsoft 365 side, provided that a specific authentication(*) is performed.
*"Specific authentication" refers to authentication using any of the following methods:
- All authentication methods using OTP (including HENNGE Lock push notifications).
- Authentication using a Device Certificate or Tenant Common Certificate, combined with manual password entry.
This feature is being implemented to reduce the redundancy of having to perform MFA again on Microsoft 365 after it has already been completed in Access Control.
Please note that this feature does not support environments where federation connections are managed via PowerShell commands. If you wish to use this feature, please upgrade your federation through the Access Control management screen by following the method described in step 6 of the "Procedure" section in the article below.
[Access Control] Federation Connection Process with Microsoft 365