AzureAD Office365 Business settings for MFA requirements


I am trying to find where on Microsoft365 Apps for Business I can set MFA registration requirements and if the associated AAD supports per-domain configuration. I have a secondary domain that is federated and the primary (onmicrosoft.com) that is not. I want to remove all MFA requirements from the federated domain while making registration required for the non-federated domain so that the admin account that is not federated is still secured. Is this possible without upgrading AAD to Px? If so, is this set in the UI? I'm also happy to be directed to PS-based configuration. All documentation I can find is for settings that are blocked by my licensing level and it is very frustrating.

2 Replies

Those settings are not configurable per domain. Also, "Microsoft 365 Apps for business" is just the Office software, no additional services.


@Vasil Michev Microsoft Apps for business most assuredly does include AzureAD functionality. We are additionally using Microsoft Intune Device licenses to manage a handful of Windows 10 systems. Rudimentary MFA is also included. It was enabled before I federated Azure to GSuite. I would like to disable it now or find a method of informing Azure when Google successfully completed its 2nd factor verification so that Azure does not also request one. At this point I think I would rather fully-remove MFA and just set ridiculous credentials and rotate them frequently for the non-federated login. But I cannot find any setting to un-enforce MFA registration/requirements.