Forum Discussion
Conditional Access, MFA and having it all set up via best practices
I inherited a M365 environment and trying to hash everything out. I came from a previous Google environment where there was only one way to set something up, so my brain is adjusting. MFA is c...
If you already have CA policies setup as expected (i.e. users are prompted to register the desired MFA methods and prompted to do MFA where needed), you can simply "upgrade" the policy to require specific methods via the so-called auth strength control: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-strengths
The article also explains how the other settings relate to said control. The biggest challenge would be making sure the users have a phish-resistant method registered, as if you enforce this requirement via CA policies, users with no valid method registered will end up with blocked access.
The article also explains how the other settings relate to said control. The biggest challenge would be making sure the users have a phish-resistant method registered, as if you enforce this requirement via CA policies, users with no valid method registered will end up with blocked access.