Forum Discussion
Migrate users from Office 365 multi factor authentications to Azure conditional accss
Hi all, We enabled Office 365 MFA in our organization (We have E1 licensing). We recently discovered that Microsoft enabled for us Azure conditional access where we can let the users work without...
Not possible, one of the things with MFA is what you know, they have to setup something that only they know on that device for the MFA setup. Conditional access also is not part of E1, it requires some pretty heavy configuration and is part of Azure AD Premium P1 licensing, same for the expanded apon MFA which is part of that. Here is feature matrix for Azure AD Premium.
https://azure.microsoft.com/en-us/pricing/details/active-directory/
To my knowledge the only MFA you get with Office 365 E1 is the basic built in login MFA.
https://azure.microsoft.com/en-us/pricing/details/active-directory/
To my knowledge the only MFA you get with Office 365 E1 is the basic built in login MFA.
Well we were able to set up conditional access to some extent, we were able to disable office MFA for a user and set that user with conditional access and it works pretty well.
My question is if there is any way to migrate the user to conditional access without a lot of user intervention mainly re-setting the user's second authentication device.
- Some things like Azure AD Premium stuff will activate with one license or when a trial is spun up and will stay in the tenant, and just because you can doesn't mean you don't need a license for it ;). You don't want to get stuck in an audit scenario and have Premium features configured with no licenses on your tenant. I'd triple check it before rolling it out with Microsoft / Reseller but pretty sure you need a licenses for any conditional access just to be sure.
- The conditional access options are limited, we have 4 options: 1 is required MFA another is device registration and 2 more that I don't remember.
When we found out about it, it was with a certified Microsoft consultant which was shocked as we were.
Because these options are sufficient to our needs, we would like to roll it out.
