SOLVED

MFA and security defaults with mixed licence levels

Copper Contributor

Hi all!

There is a similar post for this question but it dates back to 2020 and things have changed since then, I'm hoping someone can help me :)

 

My question is,

The majority of accounts in AAD have  P1 licences, however there are a some using free licences. The P1s have MFA enabled and we want to enable for the free accounts without impacting the settings for the P1's. Is this possible? I know we can turn on security defaults at the tenant level but would this affect the accounts already using MFA?

 

Also does anyone have experience enabling security defaults within a production environment? curious if after enabled all users are forced to enrol within the MFA app on the next login? My understanding is that security defaults only supports MS auth app 2FA.

 

Thanks for any help

 

Rob

2 Replies
best response confirmed by 2code-monte (Copper Contributor)
Solution

Hello @2code-monte ,

You can enable MFA for users by using a legacy per-user MFA
1. In the Microsoft 365 admin center, in the left nav choose Users > Active users.
2. On the Active users page, choose Multi-factor authentication.
3. On the multi-factor authentication page, select each user and set their Multi-Factor auth status to Disabled.

 

"Also does anyone have experience enabling security defaults within a production environment" - did it in a test environment.

 "curious if after enabled all users are forced to enrol within the MFA app on the next login?" - yes, you are right.

thank you @mikhailf
I'll have a look at those legacy settings you mentioned.
1 best response

Accepted Solutions
best response confirmed by 2code-monte (Copper Contributor)
Solution

Hello @2code-monte ,

You can enable MFA for users by using a legacy per-user MFA
1. In the Microsoft 365 admin center, in the left nav choose Users > Active users.
2. On the Active users page, choose Multi-factor authentication.
3. On the multi-factor authentication page, select each user and set their Multi-Factor auth status to Disabled.

 

"Also does anyone have experience enabling security defaults within a production environment" - did it in a test environment.

 "curious if after enabled all users are forced to enrol within the MFA app on the next login?" - yes, you are right.

View solution in original post