MS managed CA for all users MFA

Hi experts,

I have been doing some revision of MFA in our organization and noticed something that I can't figure out.

I have the MS managed CA created "Multifactor authentication for per-user multifactor authentication users", and it is in ENABLED mode... All fine... no issues... However, I have noticed that it is covering only 50 users out of 65 total/licensed users in our organization. The CA is applied to "Users/Groups", which is not possible to edit (only the "exclude" option can be modified).

Wondering - why... how were the users selected? Why do I have users missing there? For example, my account is not there either.

PS: I am using the LEGACY MFA.... not migrated to MS Entra yet.

I plan to migrate to MS Entra MFA these days, so I would like to understand the above so that all users have MFA enabled and REQUIRED after migration.

Thank you.

2 Replies
This policy should map to the users you've configured for per-user MFA in the legacy portal. There are some limitations though, as detailed here: https://learn.microsoft.com/en-us/entra/identity/conditional-access/managed-policies#multifactor-aut...

@VasilMichev ... thank you for the response. Checking the limitations - none should apply to us. I also double-checked that the missing users have Legacy MFA enabled..... Let's see... will migrate and see if it solves the issue