Jan 30 2020
- last edited on
May 24 2021
This seems silly but I'm not seeing a way: The bulk of my users won't be licensed for MFA/SSPR, so I only want to force security info registration during logon for users that are assigned one of our AADPP1 licenses. How can I accomplish this?
Jan 31 2020 05:45 AM
You could create a dynamic group that contains all licensed users and scope the conditional access policies to them: https://365bythijs.be/2020/01/20/creating-a-dynamic-group-with-all-aad-premium-licensed-users/
Jan 31 2020 05:55 AM - edited Jan 31 2020 05:55 AM
@Thijs Lecomtethanks for the feedback! Could you clarify something? So requiring MFA via Conditional Access policy on an account that hasn't yet registered will prompt them to register during their next sign-on instead of just locking them out, correct?
Jan 31 2020 06:16 AMSolution