Hello Databricks Community,
We are using Azure Databricks with Microsoft Entra ID (Azure AD) authentication.
Our current login experience is the following:
Access to the Databricks Account Console requires Microsoft Entra MFA.
The first access to a workspace requires both Microsoft Entra MFA and an email OTP verification code.
Subsequent accesses to the workspace require only the email OTP verification (after the browser session/cookie has been established).
For security and compliance reasons, we would like to enforce Microsoft Entra MFA for every workspace login and avoid the email OTP verification step entirely.
Could you please confirm:
Is it possible to configure Azure Databricks workspaces to rely exclusively on Microsoft Entra ID authentication and MFA?
Is it possible to disable the workspace email OTP verification step?
Is there any supported configuration (Unified Login, Conditional Access, Authentication Policies, etc.) that forces a fresh Microsoft Entra MFA challenge for every workspace login?
If this is not currently supported, could you clarify the intended authentication flow and any roadmap items related to this behavior?
Thank you.