UserStrongAuthClientAuthNRequired - Due to a configuration change made by the admin such as a Conditional Access policy, per-user enforcement, or because you moved to a new location, the user must use multi-factor authentication to access the resource. Retry with a new authorize request for the resource.
Why? An MFA challenge needs to be processed correctly.
Steps to resolve:
- If the error snippet includes `00000002-0000-0ff1-ce00-000000000000`, that means that the Huntress Azure App didn't receive Exchange authorization. Currently, the simplest solution is to delete and recreate the integration, preferably using a browser without adblocking or, if unavailable, an incognito window.
- Verify that the HuntressAdmin@domain.tld account that was set up in the Upstream Partner Tenant to authorize the Huntress Azure App is exclusively using Microsoft MFA and is not subject to any other Conditional Access Policies.
- Downstream Client Tenants may have a Conditional Access Policy that is blocking access; this can be verified via Azure Sign-in Logs. Verify that the downstream client tenant's Conditional Access Policies have exclusions set for Service Provider Users from the Upstream Partner Tenant ID.
- Once changes are made, please contact Support to refresh downstream permissions.
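
An added example (not Huntress or Microsoft code) of the sign-in log check described above: it filters exported sign-in records for AADSTS50076 (UserStrongAuthClientAuthNRequired) failures by the authorizing account and lists the Conditional Access policies that failed. It assumes the logs were exported as JSON using Microsoft Graph `signIn` field names; the sample records and policy names are constructed.

```python
import json

MFA_REQUIRED = 50076  # AADSTS50076, UserStrongAuthClientAuthNRequired
EXCHANGE_ONLINE = "00000002-0000-0ff1-ce00-000000000000"  # resource ID named in the steps above

# Constructed sample records (assumed shape: Microsoft Graph signIn fields).
SAMPLE = json.loads("""[
 {"createdDateTime": "2024-05-01T10:00:00Z",
  "userPrincipalName": "HuntressAdmin@domain.tld",
  "resourceId": "00000002-0000-0ff1-ce00-000000000000",
  "status": {"errorCode": 50076},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Require MFA - all users", "result": "failure"},
    {"displayName": "Block legacy auth", "result": "notApplied"}]},
 {"createdDateTime": "2024-05-01T10:05:00Z",
  "userPrincipalName": "HuntressAdmin@domain.tld",
  "resourceId": "00000003-0000-0000-c000-000000000000",
  "status": {"errorCode": 0},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Require MFA - all users", "result": "success"}]},
 {"createdDateTime": "2024-05-01T10:09:00Z",
  "userPrincipalName": "user@client.example",
  "resourceId": "00000002-0000-0ff1-ce00-000000000000",
  "status": {"errorCode": 50076},
  "appliedConditionalAccessPolicies": []}
]""")

def find_mfa_blocks(records, upn):
    """Return one finding per sign-in by `upn` that failed with AADSTS50076."""
    findings = []
    for rec in records:
        if (rec.get("userPrincipalName") or "").lower() != upn.lower():
            continue
        if (rec.get("status") or {}).get("errorCode") != MFA_REQUIRED:
            continue
        policies = rec.get("appliedConditionalAccessPolicies") or []
        findings.append({
            "time": rec.get("createdDateTime"),
            "exchange": rec.get("resourceId") == EXCHANGE_ONLINE,
            # Policies whose controls were not satisfied: candidates for an exclusion.
            "failed_policies": [p.get("displayName") for p in policies
                                if p.get("result") == "failure"],
        })
    return findings

if __name__ == "__main__":
    for finding in find_mfa_blocks(SAMPLE, "HuntressAdmin@domain.tld"):
        print(finding)
```

An empty `failed_policies` list on a 50076 failure means no Conditional Access policy failed for that sign-in, which points toward the other causes named in the error text, such as per-user enforcement.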
Potential other solutions when using Per-User MFA:
Please consider migrating to Conditional Access; it's far safer. (Microsoft)
- Ensure there are no trusted locations (IP addresses) set, at least for the original Huntress app authorization.
- Ensure the `Remember multi-factor` setting is off. (Microsoft)