Forum Discussion
Report on users with MFA Enabled
- Feb 28, 2018
No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.
It is not approved Microsoft process to pre publish the 2fa web page for the user to fill out. You will notice the apppassword tab is missing as when till enabled. I have found if users prefill out this form there is a problem in the 2factor process. I need to reset all users that pre filled out form. The hole process of enable and auto enforce makes the 2 factor process very difficult to role out. The app password on the phone is the hardest for people to understand as well. You have no idea how long it will take to use the new app password on the phone. Also the tab for app passwords does not even look like a tab and is often over looked by end users. The visibility into the whole process is a complete different experience form Duo, reports what reports ! Microsoft = NO reports of value... with out PowerShell.
couldn't agree more with Colin
Colin Kness wrote:The app password on the phone is the hardest for people to understand as well. You have no idea how long it will take to use the new app password on the phone. Also the tab for app passwords does not even look like a tab and is often over looked by end users.
- Magnus TengmoSep 05, 2018Copper Contributor
What is the difference between enabled and enforced for
StrongAuthenticationRequirements.State
?
I can see enabled users with methods active, don´t really understand this.
- Jef_KazimerSep 11, 2018
Microsoft
Magnus,
You can find the different user states for user MFA here:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
The description column in each of the states describes the state.
However, many organizations are using Conditional Access to invoke MFA, or policy based MFA which will show the users as Disabled for user state. This is because the user may be registered for MFA (has methods registered) but is not enforced on every authentication, and using the sign in state and policies to invoke MFA. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Jef