Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

(AAD) I want to force security info registration only for certain users

Brass Contributor

This seems silly but I'm not seeing a way: The bulk of my users won't be licensed for MFA/SSPR, so I only want to force security info registration during logon for users that are assigned one of our AADPP1 licenses. How can I accomplish this?

3 Replies

@ajm-b 

 

You could create a dynamic group that contains all licensed users and scope the conditional access policies to them: https://365bythijs.be/2020/01/20/creating-a-dynamic-group-with-all-aad-premium-licensed-users/

@Thijs Lecomtethanks for the feedback! Could you clarify something? So requiring MFA via Conditional Access policy on an account that hasn't yet registered will prompt them to register during their next sign-on instead of just locking them out, correct?

best response confirmed by ajm-b (Brass Contributor)
Solution
Jup! It will require them to register.

You will not lock them out through CA
1 best response

Accepted Solutions
best response confirmed by ajm-b (Brass Contributor)
Solution
Jup! It will require them to register.

You will not lock them out through CA

View solution in original post