Disable MFA 14 day grace period?

Hi,

Just looking for some advice here...
Is it possible to disable/remove the 14 day "grace period" for MFA registration for new users?

Premium subscription being used. Customer wants all new users to be forced to set up MFA when they first log in and not allow them to skip for 14 days.

I can't find anywhere to disable this? Security defaults is not enabled. A 3rd party service is being used for SSPR.

Thanks.

@luke_m137 

You need Identity Protection in order to get the 14-day grace period, and Identity Protection requires an Azure AD Premium P2 license. If you are a Premium user, then MFA will be enforced once you enable MFA via Conditional Access, and the user cannot bypass it.

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protec...

This is discussed by a content author in this GitHub issue:

Security defaults will trigger a 14 day grace period for registration after a user's first login and security defaults being enabled. After 14 days users will be required to register for MFA and will not be able to skip.

Conditional Access by itself without Azure Identity Protection does not allow for the 14 day grace period. Identity Protection includes the registration policy that allows registration on its own with no apps assigned to the policy. If a Conditional Access policy requires Multi-Factor Authentication then the user must be able to pass that MFA request.

Hi Luke,

You could use Azure AD Conditional Access to enforce MFA when users access O365 from an untrusted network. This way users will be forced to register for MFA as soon as they access 365 resources.

You could also enforce MFA registration from the trusted network only. This way users will be able to access O365 only after registering MFA and only from the trusted network.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-c...

I hope it helps
Antons
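Both replies above rely on the same mechanism: a Conditional Access policy whose grant control is "Require multi-factor authentication" takes an unregistered user through registration at sign-in, with no "skip for now" option. As an added example that is not part of the original thread, the following Microsoft Graph PowerShell script creates such a policy for all users and all cloud apps, regardless of location. The break-glass group ID is a placeholder, the policy name is made up, and the policy is created in report-only mode first; those are assumptions of this example, not anything the posters stated.

```powershell
# Added example, not from the original thread. Requires the Microsoft.Graph
# PowerShell module and an account that can write Conditional Access policies.
# Assumption: $breakGlassGroupId is a hypothetical placeholder for a group holding
# the tenant's emergency-access accounts; replace it before running.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"   # hypothetical placeholder

# Policy body. Because the grant control is "mfa", any user without a registered
# method is sent to MFA registration at sign-in and cannot defer it.
$policy = @{
    displayName = "Require MFA for all users - all cloud apps"   # assumed name
    state       = "enabledForReportingButNotEnforced"           # report-only first
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)   # keep emergency accounts out of scope
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
        # No locations condition: the requirement applies on and off the trusted network,
        # so registered users can still sign in from home, they just have to pass MFA.
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Check what was actually stored before relying on it.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'Grant';    e = { $_.GrantControls.BuiltInControls -join ',' } },
        @{ n = 'Users';    e = { $_.Conditions.Users.IncludeUsers -join ',' } },
        @{ n = 'Excluded'; e = { $_.Conditions.Users.ExcludeGroups -join ',' } }

# After reviewing the report-only results in the sign-in logs, switch the policy on:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

Report-only mode lets you see in the sign-in logs which users would have been prompted before anyone is blocked; the excluded break-glass group is the standard safeguard against locking every administrator out if MFA itself has a problem.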

Hi @Chandrasekhar_Arya 

Thank you for your response, however, this isn't what I'm looking for.

I stated in my post that the organization does not use security defaults and they are already on a Premium subscription for Azure.

We want to enforce MFA registration immediately.

We don't want users to have the option to defer registration for 14 days.

Current behaviour: User logs in for the first time and has the option "skip for now (14 days until this is required)".

Desired behaviour: User logs in for the first time and has to set up MFA to continue.

Hi @Antons Bukels 

Thanks for your reply.

"You could use Azure AD Conditional Access to enforce MFA when users access O365 from an untrusted network."

I believe this is already configured, and what we are seeing is that not many people are registering, because not many are accessing M365 outside of work or outside of trusted devices/networks, so that is why they are looking at this alternative...

"You could also enforce MFA registration from the trusted network only. This way users will be able to access O365 only after registering MFA"

Could potentially be an option however you went on to say "and only from the trusted network."

What do you mean "and only from the trusted network"?

Do you mean that they would be forced to register while connected to the trusted network and then they would be unable to access M365 services from outside of the trusted network once registered? 

Or they would be forced to register, but they will be able to access from anywhere that Conditional Access policies permit once they have registered for MFA?

I don't want a scenario where users are forced to register for MFA and then can't do something like logging on to OWA on their home PC for example. That would not be ideal.

Look forward to hearing from you regarding that suggestion further. Thanks!!