How to require the Microsoft Authenticator app for login for specific users

JH 26 Reputation points
2021-10-20T21:23:34.4+00:00

How do I prompt for and require a specific group of users to set up the Microsoft Authenticator app before logging in? I can require users to set up a phone number using either a conditional access policy or on a per-user basis, but I do not wish for my users to use a phone number for MFA, as phone verification is less secure and less convenient. I am aware that I can use "Enable Security Defaults" to require the Authenticator app for all users, but I cannot use this policy because I need it to apply to only a certain subset of users, not all of them.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Cristian SPIRIDON 4,471 Reputation points
    2021-10-21T05:35:01.043+00:00

    Hi @JH,

    MFA verification options can be set per tenant and will be the same for all users that are enabled for MFA.
    I don't see anywhere in Azure docs that you can have different MFA verification options for different users.

    To set MFA verification options or enable/disable users for MFA, you can go to the following link:
    https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx

    And any CA you set will apply on top.

    Hope this helps!

    1 person found this answer helpful.
