question

ShahinMortazave-1426 asked ShahinMortazave-1426 edited

Provision MFA for new users

Hi,

We have already enabled MFA for our users and it is working fine. Now I would like to know if it is possible to provision MFA for new users. The new users need to reset their password when they log in to their accounts for the first time, so I cannot enable MFA for the new users until they have already logged in once.
If we had one or two new users a month then I would do it manually after the users logged in, but this is not an easy task when you must create 40 or more accounts a month. Does anyone have any suggestion on how to enable MFA automatically once the user has logged in?

Thanks

azure-active-directory azure-ad-multi-factor-authentication

MarileeTurscak-MSFT answered

You can accomplish something similar to this using Azure Active Directory Identity Protection. Go to Configuration > MFA registration > Require Azure MFA Registration. This does require a P2 Premium license.

Azure Active Directory Identity Protection will prompt your users to register when they sign in interactively and they will have 14 days to complete registration. During this 14-day period, they can bypass registration but at the end of the period they will be required to register before they can complete the sign-in process.
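
To track whether newly created accounts have actually completed the registration described above, the following is an added example and not part of the original answer. It assumes the Microsoft Graph PowerShell modules (Microsoft.Graph.Users and Microsoft.Graph.Reports) and an account permitted to read users and the authentication methods registration report; `$lookbackDays` is a hypothetical value.

```powershell
# Added example: list recently created accounts and their MFA registration state.
# Assumes the Microsoft.Graph.Users and Microsoft.Graph.Reports modules are installed.
Connect-MgGraph -Scopes 'User.Read.All', 'AuditLog.Read.All'

$lookbackDays = 45   # hypothetical: how far back an account counts as "new"
$graceDays    = 14   # registration window stated in the answer
$now          = (Get-Date).ToUniversalTime()

# Index the registration report by user object id for fast lookup.
$registered = @{}
Get-MgReportAuthenticationMethodUserRegistrationDetail -All | ForEach-Object {
    $registered[$_.Id] = $_
}

# Accounts created inside the lookback window (filtered client-side).
$newUsers = Get-MgUser -All -Property Id, UserPrincipalName, CreatedDateTime |
    Where-Object {
        $_.CreatedDateTime -and
        $_.CreatedDateTime.ToUniversalTime() -ge $now.AddDays(-$lookbackDays)
    }

$report = foreach ($u in $newUsers) {
    $detail = $registered[$u.Id]
    $isReg  = [bool]($detail -and $detail.IsMfaRegistered)
    $age    = [int][math]::Floor(($now - $u.CreatedDateTime.ToUniversalTime()).TotalDays)
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        CreatedUtc        = $u.CreatedDateTime
        AccountAgeDays    = $age
        MfaRegistered     = $isReg
        Methods           = if ($detail) { $detail.MethodsRegistered -join ',' } else { '' }
        # Account age is only a proxy: the 14 days run from the first prompt at
        # sign-in, so this flag means "follow up", not "window has expired".
        FollowUp          = (-not $isReg) -and ($age -gt $graceDays)
    }
}

# Unregistered accounts sort first, oldest at the bottom of each group.
$report | Sort-Object MfaRegistered, AccountAgeDays | Format-Table -AutoSize
```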


ShahinMortazave-1426 answered ShahinMortazave-1426 edited

@MarileeTurscak Thanks for your reply,
From what I can see, this policy has already been set up in Azure for all users. I created a new user account and assigned an Office 365 Business Premium license that also contains a P2 license to this new user, but when logging in with the user, he doesn't see the message that he has 14 days to configure MFA.
Did I miss something?




UPDATE,

I think I see the issue here: the policy is not Enforced.
The remaining question is, when we enforce this policy, what would happen to the users that have already configured their MFA and are already using it?
When creating the new users, should we assign the P2 license and also enable MFA at the same time?

Thanks

