Forum Discussion

AdvoKaepernick's avatar
AdvoKaepernick
Copper Contributor
Aug 25, 2023

Staged rollout of MFA

Hello,

 

I'm planning to rollout MFA for all users. Since there are about 300 users I want to have a staged rollout. I already switched from legacy to Azure AD Authentication. I created a new group "MFA-Users" and matched it to the Authentication method "Microsoft Authenticator" as explicit allowed. The same I did with the registration campaign.

But somehow when I add a new user without MFA to this group, he doesn't get triggered to register for MFA.

I read somewhere that I need to enable the Security defaults as well, but it seems that then every user needs to set up MFA right away.

The given documentation has still lots of references to the old Azure Admin Center instead of Microsoft Entra.

Basically I just need the neccessary steps to deploy MFA staged to each user using the new settings for registration and Authentication Policies.

We use Business Basic and Standard licences mixed with the included Azure AD Free license.

Resources