Hello Devolutions community,
yesterday i created three new users in DVLS and i discovered that my conditional access rule for enforcing 2FA stopped working. In the past new users got a prompt after the first login to configure 2FA, when the condition access rule got enforced. Currently i am using DVLS-Version 2026.2.9.0 and the mentioned prompt doesn`t show up and the user gets logged in instead. In my case its a domain user, but I also was able to reproduce the issue with an internal DVLS-user.
Here are screenshots of the conditional access rule for enforcing 2FA and the 2FA settings on the DVLS.

Unfortunally i cant remember the last time that mentioned prompt on first log was working, because i didn`t had to create new users for the past 6 months. As a workaround i manually enabled 2FA on each account.
Please take a look at it let me know if this is a bug or a configuration error on my site.
If you need further information let me know.
Thanks in advance and best regards,
Markus
2a31192a-31cf-4d66-ba42-801ae7e0ca3f.png
57b2509b-fe3f-4332-9c73-1796b96704ab.png
Recommended Answer
We have released DVLS 2026.2.11.0 which fixes this issue and hardens the handling of default MFA values.
Sébastien Duquette
Hi Markus,
We think we have identified the cause of this behavior, could you try setting the Default MFA in the Multi-factor settings page and check if the issue persists? We noticed that your default is set to None which is an invalid configuration and we reproduce the issue when we force it to this value. This is only as a workaround and to help us confirm if this is your issue, we are working on a fix to make sure the MFA is always be enforced, users shouldn't be able to login this case.
Sébastien Duquette
9912ece4-96e3-471a-b412-9df01a52b449.png
Hello @Sebastien Duquette
I switched the default 2FA to TOTP like you mentioned and now the 2FA enforcement startet working again. I would say your assumption is correct. I looking forward for the final fix in an upcoming update.
Thanks for the quick support and have a nice weekend!
Best regards,
Markus
We have released DVLS 2026.2.11.0 which fixes this issue and hardens the handling of default MFA values.
Sébastien Duquette