Self-service passwordless setup & enforcement

%3CLINGO-SUB%20id%3D%22lingo-sub-3298382%22%20slang%3D%22en-US%22%3ESelf-service%20passwordless%20setup%20%26amp%3B%20enforcement%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3298382%22%20slang%3D%22en-US%22%3E%3CP%3EI%20was%20wondering%20if%20there%20is%20a%20way%20to%20allow%20tenant%20users%2C%20on%20their%20own%2C%20to%20set%20up%20Passwordless%20using%20MS%20Authenticator%20AND%20set%20the%20account%20in%20a%20way%20that%20it's%20always%20enforce%20Passwordless%20or%20password%2BMFA%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20encouraging%20users%20to%20set%20up%20Passwordless%20when%20they're%20ready%2C%20and%20when%20they%20have%20done%20so%2C%20we%20want%20them%20to%20always%20use%20Passwordless%20or%20password%2BMFA%20to%20sign%20in%20to%20AAD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20accomplish%20this%3F%20--%20So%20far%20we%20need%20admin%20to%20enforce%20MFA%20on%20Microsoft%20365%20portal.%20Something%20impractical%20for%20organization%20with%20thousands%20of%20users.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3298382%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMultifactor%20Authentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPasswordless%20Authentication%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3298484%22%20slang%3D%22en-US%22%3ERe%3A%20Self-service%20passwordless%20setup%20%26amp%3B%20enforcement%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3298484%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EMaybe%20the%20following%20links%20can%20help.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Frahuljindalmyit.blogspot.com%2F2022%2F04%2Fenable-mfa-sspr-together-using-combined.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Frahuljindalmyit.blogspot.com%2F2022%2F04%2Fenable-mfa-sspr-together-using-combined.html%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Frahuljindalmyit.blogspot.com%2F2022%2F03%2Fusing-conditional-access-to-enable.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Frahuljindalmyit.blogspot.com%2F2022%2F03%2Fusing-conditional-access-to-enable.html%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Frahuljindalmyit.blogspot.com%2F2022%2F04%2Fusing-temporary-access-pass-in-azure-ad.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Frahuljindalmyit.blogspot.com%2F2022%2F04%2Fusing-temporary-access-pass-in-azure-ad.html%3C%2FA%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

I was wondering if there is a way to allow tenant users, on their own, to set up Passwordless using MS Authenticator AND set the account in a way that it's always enforce Passwordless or password+MFA?

 

We are encouraging users to set up Passwordless when they're ready, and when they have done so, we want them to always use Passwordless or password+MFA to sign in to AAD.

 

Is there a way to accomplish this? -- So far we need admin to enforce MFA on Microsoft 365 portal. Something impractical for organization with thousands of users.

1 Reply