right now user is prompted for additional information even when MFA and pw recovery is turned off. Users are now more likely to be phished
Right now users are prompted for additional information even when MFA and self service sign on is turned off. Microsoft can't tell us why this is or when the popup will happen. They can't even tell us the url! And there is now way to bypass this. If I just tell my users to answer these questions whenever the additional information request pops up, and I can't tell them the URL, their guard is down and users are now more likely to be phished!