Forum Discussion
Jason_Benway
Jan 08, 2020, Copper Contributor
End users setting up MFA for the first time. Experience and security?
We are working on a plan to force MFA for non-trusted IPs. But most of our users have not set up MFA yet. I'm concerned the setup process isn't simple enough and thinking about risk. How do you allow...
Thijs Lecomte
Jan 08, 2020, Bronze Contributor
There are a few ways to manage this:
- Some just use user communication and request the users to set up MFA preemptively
- Others use Identity Protection; there is a policy to require MFA setup.
- Some use scripts to check which users haven't set up MFA (https://techcommunity.microsoft.com/t5/azure-active-directory/report-on-users-with-mfa-enabled/m-p/165807)
Jason_Benway
Jan 08, 2020, Copper Contributor
Sorry I wasn't clear.
Our concern is when a user is going to set up MFA for the first time, if they do it themselves. How do you know it's them setting it up?
That seems like a risk. You're enabling MFA to reduce risk and add security, but you only have username/password when you're first setting up MFA to confirm it's them.
It would be better if I could use CA when the user sets up MFA to require the user to be on a trusted network or on a managed device.
VasilMichev
Jan 08, 2020, MVP
We can already do this: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined#create-a-policy-to-require-registration-from-a-trusted-location
JonasBack
Jan 08, 2020, Steel Contributor
This is also usually how we set it up, only allow MFA Registration from our own IPs or at least the countries we are active in.
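
The trusted-location registration policy that the replies above point to, written out as an added example (not part of the original thread, and not Microsoft's own sample). It assumes the Microsoft Graph PowerShell SDK is installed, that trusted named locations already exist in the tenant, and that `$BreakGlassId` is a placeholder for the object ID of an emergency-access account.

```powershell
# Added example: block security-info (MFA/SSPR) registration unless the
# sign-in comes from a trusted named location.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: object ID of an emergency-access account, excluded so a
# mistake in this policy cannot lock every administrator out.
$BreakGlassId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Block MFA registration outside trusted locations"
    # Report-only first: sign-in logs show what would have been blocked.
    # Change to "enabled" once the results look correct.
    state       = "enabledForReportingButNotMfa"
    conditions  = @{
        clientAppTypes = @("all")
        users          = @{
            includeUsers = @("All")
            excludeUsers = @($BreakGlassId)
        }
        applications   = @{
            # The policy targets the "Register security information"
            # user action rather than a cloud app.
            includeUserActions = @("urn:user:registersecurityinfo")
        }
        locations      = @{
            includeLocations = @("All")
            # "AllTrusted" = every named location marked as trusted.
            excludeLocations = @("AllTrusted")
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

While the policy is in report-only mode, the Conditional Access tab of each sign-in log entry shows whether a registration attempt would have been blocked, which makes it possible to confirm the trusted locations cover the intended networks before enforcing it.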