Forum Discussion
Disable MFA 14 day grace period?
You need Identity Protection in order to get the 14-day grace period, and Identity Protection requires an Azure AD Premium P2 license. If you are a premium user, then MFA will be enforced once you enable MFA via Conditional Access, and then the user cannot bypass it.
This is discussed by a content author in this GitHub issue:
Security defaults will trigger a 14 day grace period for registration after a user's first login and security defaults being enabled. After 14 days users will be required to register for MFA and will not be able to skip.
Conditional Access by itself without Azure Identity Protection does not allow for the 14 day grace period. Identity Protection includes the registration policy that allows registration on its own with no apps assigned to the policy. If a Conditional Access policy requires Multi-Factor Authentication then the user must be able to pass that MFA request.
- luke_m137, Oct 20, 2021, Copper Contributor
Thank you for your response, however, this isn't what I'm looking for.
I stated in my post that the organization does not use security defaults and they are already on a Premium subscription for Azure.
We want to enforce MFA registration immediately.
We don't want users to have the option to defer registration for 14 days.
Current behaviour: User logs in for first time - has option "skip for now (14 days until this is required)"
Desired behaviour: User logs in for first time - has to set up MFA to continue.
- EmilyAnderson, Nov 19, 2024, Copper Contributor
Did you ever find a solution for this? We would also like to turn off the grace period so they are prompted to set up MFA immediately without being able to bypass.