Forum Discussion

Iron Contributor

Feb 27, 2018

Solved

Report on users with MFA Enabled

We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup). Looking at the status of users who I know have enabled...

Azure Active Directory (AAD)

Pablo R. Ortiz
Feb 28, 2018
No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.

Jason Simotas

Copper Contributor

Jul 28, 2018

couldn't agree more with Colin

Colin Kness wrote:
The app password on the phone is the hardest for people to understand as well. You have no idea how long it will take to use the new app password on the phone. Also the tab for app passwords does not even look like a tab and is often over looked by end users.

Magnus Tengmo

Copper Contributor

Sep 05, 2018

What is the difference between enabled and enforced for

StrongAuthenticationRequirements.State

I can see enabled users with methods active, don´t really understand this.

Jef_Kazimer
Microsoft
Sep 11, 2018
Magnus,

You can find the different user states for user MFA here:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

The description column in each of the states describes the state.

However, many organizations are using Conditional Access to invoke MFA, or policy based MFA which will show the users as Disabled for user state. This is because the user may be registered for MFA (has methods registered) but is not enforced on every authentication, and using the sign in state and policies to invoke MFA. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

Jef