Forum Discussion
MFA: can I make registering MFA optional but then require it for signing in?
Can I make registering for Azure MFA optional but if it is configured on an account then require it for signing in?
Example: If I set up MFA on an account that is not MFA-enabled or MFA-enforced, then MFA is not required to log in, but if I enable MFA for an account, then the user must set up MFA immediately.
(I hope this makes sense.) A lot of consumer sites make two-factor auth optional but will enforce it after you set it up.
We want people who are concerned about security to register for and use MFA, but we give a grace period for those resisting the idea. Thank you.
MFA is not a self-service, you as the admin determine which users require it (either by directly enforcing or using CA policy), and only then the users can register.
4 Replies
It depends on how you are configuring MFA. If it's via the MFA portal, the user will have to register after his currently valid token expires. If it's via Conditional access policy, the user will have to register only when it hits some resource that requires MFA.
VasilMichev I only want to require MFA if the user has registered for it. Is this possible?
MFA is not a self-service, you as the admin determine which users require it (either by directly enforcing or using CA policy), and only then the users can register.
