question

SwathiDhanwada-MSFT avatar image
0 Votes"
SwathiDhanwada-MSFT asked ·

[MSDN Redirect] Conditional Access

Hello,

When trying to setup MFA I selected an option that has resulted in problems signing in.

At first I enabled the Conditional Access policy which requires MDF for admins.This worked fine and we had to use the MS Authenticator app for sign in.But we wanted a backup solution so we were searching for a way to also have the option to login with text message. The additional security verification was missing when accessing the user profile. Until we went to the AD Directory properties and enabled the security default option.

The problem now is that MFA is required for all users, not admins only..When reading more about MFA, I suspect this is because we enabled the security defaults in the Azure AD Properties. I went back and put this setting back to No. But now the Baseline policies in Conditional Access don't show up anymore. How can I restore these policies?

We are using Office 365 Business licenses. So, I assume this is a Free Azure AD we are using.

The most important part is how to disable MFA for all users. We have general mailboxes, for which it is not applicable to add a MS Authenticator app, because it isn't a personal mailbox. (Why we don't use shared mailboxes for this, is because these can't be used/viewed on mobile phones.)

Many thanks in advance for helping us out.

Steve

Source

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered ·

Once "Security Defaults" are enabled, you can never go back to Baseline policies. Enabling "Security Defaults" automatically disables all baseline policies which results in their deletion. There is no way to recover the baseline policies as these are deprecated and being removed from all tenants. This removal is targeted for completion at the end of February 2020. Tenants not migrated to Conditional Access or Security Defaults prior to February 29, 2020 will be unprotected.

If you need MFA for admins and not for standard users, you would need to use Conditional Access that requires Azure AD Premium P1 or P2.


Please "Accept as answer" wherever the information provided helps you to help others in the community.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.