cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
Find out more
SOLVED

MFA: can I make registering MFA optional but then require it for signing in?

Roger Seekell
Brass Contributor

‎Apr 29 2019 09:37 AM

‎Apr 29 2019 09:37 AM

MFA: can I make registering MFA optional but then require it for signing in?

Can I make registering for Azure MFA optional but if it is configured on an account then require it for signing in? 

Example: If I set up MFA on an account that is not MFA-enabled or MFA-enforced, then MFA is not required to log in, but if I enable MFA for an account, then the user must set up MFA immediately. 

(I hope this makes sense.) A lot of consumer sites make two-factor auth optional but will enforce it after you set it up. 

We want people who are concerned about security to register for and use MFA, but we give a grace period for those resisting the idea.  Thank you.

1,156 Views
0 Likes
4 Replies
Reply
4 Replies
Vasil Michev

‎Apr 29 2019 09:55 AM

‎Apr 29 2019 09:55 AM

Re: MFA: can I make registering MFA optional but then require it for signing in?

It depends on how you are configuring MFA. If it's via the MFA portal, the user will have to register after his currently valid token expires. If it's via Conditional access policy, the user will have to register only when it hits some resource that requires MFA.

0 Likes
Reply
Roger Seekell

‎Apr 29 2019 10:01 AM

‎Apr 29 2019 10:01 AM

Re: MFA: can I make registering MFA optional but then require it for signing in?

@Vasil Michev I only want to require MFA if the user has registered for it. Is this possible?

0 Likes
Reply
best response confirmed by Roger Seekell (Brass Contributor)
Vasil Michev

‎Apr 29 2019 10:15 AM

‎Apr 29 2019 10:15 AM

Solution

Re: MFA: can I make registering MFA optional but then require it for signing in?

MFA is not a self-service, you as the admin determine which users require it (either by directly enforcing or using CA policy), and only then the users can register.

0 Likes
Reply
Roger Seekell

‎Apr 29 2019 10:40 AM

‎Apr 29 2019 10:40 AM

Re: MFA: can I make registering MFA optional but then require it for signing in?

OK, that answers my question. Thank you!
0 Likes
Reply