Forum Discussion
Enabling per-group MFA
We're looking, if possible, to enable MFA "per-group" and not "per-users" in the Office365 Organization.
IN On-Prem AD we created group GRP-MFA and replicated it to O365 via Entra ID Connect.
We used that group to select which Authentication methods are available to Group's members but then we couldn't find a way to enable MFA "per-group" but only per users.
The licenses available are Microsoft 365 Business Standard
Thanks
SC
2 Replies
Upgrade to M365 Business Premium and use Conditional Access Policies.
There is no such functionality, you have to create your own solution that fetches the group's membership, then toggles per-user MFA. The issue with that approach is that the endpoint used for that is not an officially supported one (i.e. not part of the Graph API), so the method is a bit more involved. I wrote about the process here, if you decide to give this method a shot: https://www.michev.info/blog/post/6215/legacy-mfa-settings-in-the-entra-portal-and-how-to-control-them-programmatically
