Azure AD Identity Protection MFA Question

%3CLINGO-SUB%20id%3D%22lingo-sub-655574%22%20slang%3D%22en-US%22%3EAzure%20AD%20Identity%20Protection%20MFA%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-655574%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20you%20are%20all%20well%20and%20my%20apologies%20if%20this%20has%20been%20asked%20before.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyway%2C%20we%20have%20set%20up%20Azure%20AD%20IP%20to%20require%20MFA%20for%20All%20Users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20in%20the%20Azure%20MFA%20Portal%20users%20are%20still%20set%20as%20Disabled%20and%20have%20to%20be%20manually%20enabled.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20this%20%22as%20expected%22%20behavior%20or%20is%20there%20a%20way%20to%20automate%20%2F%20enforce%20MFA%20without%20manually%20having%20to%20select%20Enable%20in%20the%20MFA%20Portal%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInfo%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-655574%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-655771%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20Identity%20Protection%20MFA%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-655771%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F131657%22%20target%3D%22_blank%22%3E%40Stuart%20King%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDid%20you%20create%20a%20Conditional%20Access%20policy%20for%20this%20matter%3F%20Can%20you%20share%20the%20configuration%20you've%20done%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-655895%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20Identity%20Protection%20MFA%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-655895%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F340216%22%20target%3D%22_blank%22%3E%40fperoux%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3E%3CP%3EHello%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F131657%22%20target%3D%22_blank%22%3E%40Stuart%20King%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDid%20you%20create%20a%20Conditional%20Access%20policy%20for%20this%20matter%3F%20Can%20you%20share%20the%20configuration%20you've%20done%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20There%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENo%20CA%20policy%20at%20this%20time%20and%20an%20%22off%20the%20shelf%22%20Require%20MFA%20Registration%20in%20Azure%20AD%20IP%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStuart%3C%2FP%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F340216%22%20target%3D%22_blank%22%3E%40fperoux%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-661487%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20Identity%20Protection%20MFA%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-661487%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F131657%22%20target%3D%22_blank%22%3E%40Stuart%20King%3C%2FA%3EDepending%20of%20your%20Azure%20AD%20Plan%2C%20I%20would%20recommend%20to%20use%20Conditional%20Access.%20You%20won't%20have%20to%20activate%20MFA%20manually%20for%20everyone%20but%20based%20on%20the%20conditions%20you%20define.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EConditional%20Access%20requires%20Azure%20AD%20Premium.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

Hi All

 

I hope you are all well and my apologies if this has been asked before.

 

Anyway, we have set up Azure AD IP to require MFA for All Users.

 

However in the Azure MFA Portal users are still set as Disabled and have to be manually enabled.

 

Is this "as expected" behavior or is there a way to automate / enforce MFA without manually having to select Enable in the MFA Portal?

 

Info appreciated.

2 Replies
Highlighted

Hello @Stuart King

 

Did you create a Conditional Access policy for this matter? Can you share the configuration you've done?

 

Thank you.

Highlighted

 


@fperoux wrote:

Hello @Stuart King

 

Did you create a Conditional Access policy for this matter? Can you share the configuration you've done?

 

Thank you.

 

Hi There

 

No CA policy at this time and an "off the shelf" Require MFA Registration in Azure AD IP

 

Stuart


@fperoux