Forum Discussion
SSPR registration enforcement with Combined Registration Enabled
Hi, We have the Combined Registration for MFA and SSPR enabled as described here, https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined, and ...
We have tested the registration enforcement through the MFA Registration Policy, in Azure AD, under Security->Identity Protection->MFA Registration, that works really well. You can target it at specific users via AAD groups. The only issue for us is that by default it gives users only 14 days to register, after that they cannot skip it anymore and are forced to do it.
The old SSPR registration enforcement actually allowed people to continue to skip the registration indefinitely, something we actually want.
The old SSPR registration enforcement actually allowed people to continue to skip the registration indefinitely, something we actually want.
I agree on the MFA Registration works well too, just notice that you need Azure AD Premium P2 for this.