Is MFA to be enabled for all users to allow their Devices to be Azure AD joined?

%3CLINGO-SUB%20id%3D%22lingo-sub-2243634%22%20slang%3D%22en-US%22%3EIs%20MFA%20to%20be%20enabled%20for%20all%20users%20to%20allow%20their%20Devices%20to%20be%20Azure%20AD%20joined%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2243634%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%60m%20trying%20to%20evaluate%20if%20MFA%20via%20Azure%20AD%20to%20be%20enabled%20for%20all%20users%20is%20required%20before%20allowing%20the%20%22%3C%2FP%3E%3CDIV%20class%3D%22azc-form-labelcontainer%20azc-text-label%20azc-text-sublabel-neighbor%22%3EDevices%20to%20be%20Azure%20AD%20joined%20or%20Azure%20AD%20registered%20require%20Multi-Factor%20Authentication%3CDIV%20class%3D%22fxc-base%20azc-control%20azc-dockedballoon%20azc-dockedballoon-info%22%3E%3CDIV%20class%3D%22azc-dockedballoon-anchor%22%3E%3CDIV%20class%3D%22fxs-portal-svg-secondary%20azc-fill-hovered-heavy%20azc-dockedballoon-anchor-target%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22azc-formElementSubLabelContainer%22%3E%3CDIV%20class%3D%22azc-formElementContainer%22%3E%3CDIV%20class%3D%22fxc-base%20azc-control%20azc-editableControl%20azc-validatableControl%20azc-itemList%20azc-optionPicker%20azc-validation-border%20azc-noRadio%20azc-inlineFlex%20azc-validatableControl-none%20azc-is-edited%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CP%3E%22%3C%2FP%3E%3CP%3Efeatures%20to%20%22yes%22%20under%20Azure%20Active%20Directory%20-%20Devices%20-%20Device%20settings%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrent%20Environment%3A%3C%2FP%3E%3CP%3E-%20Few%20users%20have%20MFA%20enabled%3C%2FP%3E%3CP%3E-%20Hybrid%20Environment%3C%2FP%3E%3CP%3E-%20AD%20Sync%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20guidance%20will%20be%20helpful.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2243634%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2243874%22%20slang%3D%22en-US%22%3ERe%3A%20Is%20MFA%20to%20be%20enabled%20for%20all%20users%20to%20allow%20their%20Devices%20to%20be%20Azure%20AD%20joined%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2243874%22%20slang%3D%22en-US%22%3EYou%20are%20correct%20that%20they%20would%20be%20prompted%20when%20joining%20a%20device.%20IF%20they%20have%20not%20configured%20MFA%20before%2C%20they%20will%20need%20to%20do%20so.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20don't%20use%20that%20setting%20perse%2C%20I%20manage%20all%20MFA%20through%20Conditional%20Access%3C%2FLINGO-BODY%3E
Frequent Contributor

Hello All,

 

I`m trying to evaluate if MFA via Azure AD to be enabled for all users is required before allowing the "

Devices to be Azure AD joined or Azure AD registered require Multi-Factor Authentication
 
 

"

features to "yes" under Azure Active Directory - Devices - Device settings?

 

Current Environment:

- Few users have MFA enabled

- Hybrid Environment

- AD Sync

 

Any guidance will be helpful.

 

1 Reply
You are correct that they would be prompted when joining a device. IF they have not configured MFA before, they will need to do so.

I don't use that setting perse, I manage all MFA through Conditional Access