Forum Discussion
Report on users with MFA Enabled
- Feb 28, 2018
No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.
It is not approved Microsoft process to pre publish the 2fa web page for the user to fill out. You will notice the apppassword tab is missing as when till enabled.
That is not correct. Microsoft officially says here that:
Once you enable the conditional access policy, users will be forced to enroll the next time they use an app protected with the policy. If you enable a policy requiring MFA for all users on all cloud apps, this action could cause headaches for your users and your helpdesk. The recommendation is to ask users to register authentication methods beforehand using the registration portal at https://aka.ms/mfasetup. Many organizations find that creating posters, table cards, and email messages helps drive adoption.
Using Conditional access will only let you force MFA for modern authentication, it doesn´t "disable" legacy authentication with apppasswords.
Or have I missunderstood this?
- ArjanCornelissenDec 09, 2018Brass Contributor
Disabling legacy authentication can be done with Conditional Access.
Follow these steps
- Create a new policy
- Select the users that you want this enabled on
- Under conditions select Client apps and only select Other clients
- Go to grant and select block access
- Save this policy
See the attached image