Forum Discussion
Prevent "Skip Setup" on MFA+SSPR registration in a trusted network?
We have MFA+SSPR combined registration enabled. We have conditional access policy enforce MFA with an exclusion for trusted networks. We also have SSPR enforced registration turned on.
I noticed, for a brand new user account logging in to https://portal.office.com/ for the first time IN a trusted network, on the URL starting with https://mysignins.microsoft.com/ they can click "Skip setup" in the bottom left.
https://i.imgur.com/AH1ZRzN.png
If they sign in for the first time outside of the trusted network, it looks identical but without "Skip setup" at the bottom.
Is there anyway to prevent "Skip setup" on trusted networks even if we do not require MFA on trusted network? The intended behavior we do want is for all users to be forced to register MFA as soon as possible.
1 Reply
- Hey.. I had same issue and used a aad-group and conditional access policy. All Users are member of that group. that group is assigned to the policy. that policy required mfa without excludes.... if MFA is configured then Users will be removed (automation) from that group.
