Hi,
I have a couple of questions regarding Registration Enforcement in the combined mode, based on information on this page https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined
- After you enabled combined registration, users need to register or confirm their phone number or mobile app through the new experience to use them for both MFA and SSPR. Is it so that the already registered methods in MFA or SSPR will not work for both if they do not re-register or re-confirm their authentication methods through the new experience?
- If we enforce registration through SSPR settings, is it correct that the registered authentication methods will only be valid for SSPR and not MFA?
- We want to take advantage of the SSPR feature to have users re-confirm their authentication methods after X number of days, but if we have enforce registration through MFA's identity protection settings or Conditional Access, then does that mean we cannot utilize the SSPR re-confirmation feature for both?
Thanks.
Microsoft