Microsoft Entra Tech Accelerator
Jun 27 2023, 08:00 AM - 12:00 PM (PDT)
Microsoft Tech Community

AAD IDP MFA Registration Doesn't Fully Enable MFA

Senior Member

Hi all,


I wanted to highlight a peculiarity in using an MFA Registration Policy in Azure AD Identity Protection (AAD IDP). While adding a user or a group to a policy does require them to register for AAD MFA during their next sign-on to the O365 portal, it does not actually mark the user as Enabled when observed via This results in the user not receiving a default, automatically-generated App Password after a successful registration. This also prevents the user from creating additional App Passwords; the link to AppPasswords.aspx is hidden and manually navigating to that URL and attempting to create a new App Password will generate an error.

0 Replies