Forum Discussion
Disable MFA 14 day grace period?
You could use Azure AD Conditional Access to enforce MFA when users access O365 from an untrusted network. This was users will be forced to register for MFA as soon as they access 365 resources.
You could also enforce MFA registration from the trusted network only. This way users will be able to access O365 only after registering MFA and only from the trusted network.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined
I hope it helps
Antons
Thanks for your reply.
"You could use Azure AD Conditional Access to enforce MFA when users access O365 from an untrusted network."
I believe this is already configured, and what we are seeing is not many people are registering because not many are accessing M365 outside of work or outside of trusted devices/networks so that is why they are looking at this alternative...
"You could also enforce MFA registration from the trusted network only. This way users will be able to access O365 only after registering MFA"
Could potentially be an option however you went on to say "and only from the trusted network."
What do you mean "and only from the trusted network"?
Do you mean that they would be forced to register while connected to the trusted network and then they would be unable to access M365 services from outside of the trusted network once registered?
Or they would be forced to register, but they will be able to access from anywhere that Conditional Access policies permit once they have registered for MFA?
I don't want a scenario where users are forced to register for MFA and then can't do something like logging on to OWA on their home PC for example. That would not be ideal.
Look forward to hearing from you regarding that suggestion further. Thanks!!
