Forum Discussion
SergioT1228
Sep 16, 2020Brass Contributor
Create Policy for MFA non-compliance - Require MFA for administrative roles
We are using AATP and when we review our Secure Score(security.microsoft.com) one of the action items is to "Require MFA for administrative roles". We have setup MFA but not sure what this is coming...
PeterRising
Sep 17, 2020MVP
Hi, this is not something you configure using ATP. Instead, you need to look at Azure AD Conditional Access. You can enforce MFA based on roles. Just be careful not to lock yourself out of your tenant,and exclude your permanent break glass accounts.
You can read more about CA here - https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview