Forum Discussion

dbetlow's avatar
dbetlow
Iron Contributor
Feb 27, 2018
Solved

Report on users with MFA Enabled

We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup).  Looking at the status of users who I know have enabled...
Azure Active Directory (AAD)
  • Pablo R. Ortiz's avatar
    Pablo R. Ortiz
    Feb 28, 2018

    No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.

JonasBack's avatar
JonasBack
Steel Contributor
Nov 23, 2018

It is not approved Microsoft process to pre publish the 2fa web page for the user to fill out.  You will notice the apppassword tab is missing as when till enabled.  

That is not correct. Microsoft officially says here that:

 

Once you enable the conditional access policy, users will be forced to enroll the next time they use an app protected with the policy. If you enable a policy requiring MFA for all users on all cloud apps, this action could cause headaches for your users and your helpdesk. The recommendation is to ask users to register authentication methods beforehand using the registration portal at https://aka.ms/mfasetup. Many organizations find that creating posters, table cards, and email messages helps drive adoption.

Magnus Tengmo's avatar
Magnus Tengmo
Copper Contributor
Nov 29, 2018
We let enduser pre-enroll MFA via https://aka.ms/mfasetup, but later Enable the enduser for MFA. After that, the possibilty to setup apppassword exists.
Using Conditional access will only let you force MFA for modern authentication, it doesn´t "disable" legacy authentication with apppasswords.
Or have I missunderstood this?