Forum Discussion
Solved
Report on users with MFA Enabled
We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup). Looking at the status of users who I know have enabled...
No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.
We let enduser pre-enroll MFA via https://aka.ms/mfasetup, but later Enable the enduser for MFA. After that, the possibilty to setup apppassword exists.
Using Conditional access will only let you force MFA for modern authentication, it doesn´t "disable" legacy authentication with apppasswords.
Or have I missunderstood this?
Using Conditional access will only let you force MFA for modern authentication, it doesn´t "disable" legacy authentication with apppasswords.
Or have I missunderstood this?
Disabling legacy authentication can be done with Conditional Access.
Follow these steps
- Create a new policy
- Select the users that you want this enabled on
- Under conditions select Client apps and only select Other clients
- Go to grant and select block access
- Save this policy
See the attached image
