Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

AAD IDP MFA Registration Doesn't Fully Enable MFA

Brass Contributor

Hi all,


I wanted to highlight a peculiarity in using an MFA Registration Policy in Azure AD Identity Protection (AAD IDP). While adding a user or a group to a policy does require them to register for AAD MFA during their next sign-on to the O365 portal, it does not actually mark the user as Enabled when observed via This results in the user not receiving a default, automatically-generated App Password after a successful registration. This also prevents the user from creating additional App Passwords; the link to AppPasswords.aspx is hidden and manually navigating to that URL and attempting to create a new App Password will generate an error.

0 Replies