Forum Discussion
MFA User Group
Depends on what they configured. Assuming they enforced MFA via a Conditional Access policy, those two groups are likely used to scope inclusions/exclusions for said policy. You can check via the Entra ID portal; here's the documentation: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policies
- Romanof54, Feb 13, 2025, Copper Contributor
Thank you for the quick response. My Entra ID portal does show 7 conditional access policies but only one, related to Admins, is specified for MFA enforcement. It appears the policies were built as part of the design but no one was added. I will be doing some more homework on this and I think best practice is to maintain the MFA Users and MFA Exclusion groups as some users have left and others have onboarded.
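The check discussed in this thread (which policies require MFA, which groups scope them, and which were built with nobody added) can also be run over a policy export. The following is an added example, not part of the original thread. It assumes the policies are available as JSON in the shape of Microsoft Graph `conditionalAccessPolicy` objects; the policy names, IDs and the function name are constructed for illustration.

```python
import json

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects
# (GET /identity/conditionalAccess/policies). All names and IDs are made up.
POLICIES = json.loads("""[
 {"displayName": "Require MFA for admins", "state": "enabled",
  "conditions": {"users": {"includeUsers": [], "includeGroups": [],
                           "includeRoles": ["role-0001"], "excludeGroups": []}},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "Require MFA for users", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": [], "includeGroups": ["grp-0001"],
                           "includeRoles": [], "excludeGroups": ["grp-0002"]}},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "Require MFA for guests", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["None"], "includeGroups": [],
                           "includeRoles": [], "excludeGroups": []}},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "Block legacy authentication", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"], "includeGroups": [],
                           "includeRoles": [], "excludeGroups": []}},
  "grantControls": {"builtInControls": ["block"]}}
]""")
GROUPS = {"grp-0001": "MFA Users", "grp-0002": "MFA Exclusion"}  # id -> name (constructed)


def audit_mfa_policies(policies, group_names):
    """Return one record per policy whose grant controls require MFA."""
    report = []
    for p in policies:
        controls = (p.get("grantControls") or {}).get("builtInControls") or []
        if "mfa" not in controls:
            continue  # not an MFA policy (e.g. a block policy)
        users = (p.get("conditions") or {}).get("users") or {}
        # "None" in includeUsers means nobody is targeted by that field.
        targets = [u for u in users.get("includeUsers") or [] if u != "None"]
        targets += (users.get("includeGroups") or []) + (users.get("includeRoles") or [])
        report.append({
            "policy": p["displayName"],
            "enforced": p.get("state") == "enabled",  # report-only and disabled do not enforce
            "include_groups": [group_names.get(g, g) for g in users.get("includeGroups") or []],
            "exclude_groups": [group_names.get(g, g) for g in users.get("excludeGroups") or []],
            "empty_scope": not targets,  # policy was built but nobody was added
        })
    return report


if __name__ == "__main__":
    for row in audit_mfa_policies(POLICIES, GROUPS):
        print(row)
```

Policies that require MFA through an authentication strength rather than the `mfa` built-in control are not matched by this check, and an included group that exists but has no members needs a separate membership lookup.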