Forum Discussion
MFA required Conditional Access
I have a conditional access policy (currently in report only mode) that will require MFA on all internal users. Microsoft originally instructed me to enabled MFA on all the users via the MFA admin c...
Hi
If user-based MFA is enabled, it will override the conditional access policies for that user.
The best practice is to first turn on MFA only through conditional access . You can evaluate the impact of the policies for users by using report only mode then enable it for a limited group of users (pilot) then enable it for all (It can be multiple policies for specific use cases and specific group of people ) . Don't forget to exclude the break glass account and separate policies for admins from those for users.
- Got it. Thanks for the replies. I will get this policy enabled then I will go back and disable the "old way" 🙂
