Microsoft
MicrosoftRusty Brown i'd say that's intentional - allowing anyone to register for MFA by just clicking the link after signing in, isn't really secure, is it?
i mean.. i've been struggling with this as well, but then I realized, it would actually allow anyone in the world to register any android device just with a username and password, which MFA is actually supposed to prevent, as I understand the whole thing.
so currently, we're doing Conditional Access exception for Intune registration at our premises, which is the place where new users register for MFA most of the time anyway. this allows to configure MFA for pretty much all scenarios, EXCEPT when the newcomer isn't able to arrive at the office for onboarding session at all.
but perhaps robynhicock can enlighten us and tell us how is the first-time user supposed to securely enroll in MFA using their android enterprise fully managed device, while MFA is required for device enrollment..
