Nov 17 2017 03:29 AM - last edited on May 24 2021 03:18 PM by TechCommunityAP
Hi all,
I wanted to highlight a peculiarity in using an MFA Registration Policy in Azure AD Identity Protection (AAD IDP). While adding a user or a group to a policy does require them to register for AAD MFA during their next sign-on to the O365 portal, it does not actually mark the user as Enabled when observed via https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx. This results in the user not receiving a default, automatically-generated App Password after a successful registration. This also prevents the user from creating additional App Passwords; the link to AppPasswords.aspx is hidden and manually navigating to that URL and attempting to create a new App Password will generate an error.
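One way to find accounts in the state described above, as an added example that is not part of the original post: it compares the `StrongAuthenticationRequirements` and `StrongAuthenticationMethods` properties that the MSOnline module's `Get-MsolUser` returns. The function name `Get-MfaRegistrationGap` and the sample users are constructed for illustration.

```powershell
# Added example: flag users who have registered MFA methods but whose
# per-user MFA state is still Disabled (no Enabled/Enforced requirement).
function Get-MfaRegistrationGap {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $User
    )
    process {
        # Per-user state lives in StrongAuthenticationRequirements.State;
        # an empty collection is what the portal shows as "Disabled".
        $state = $User.StrongAuthenticationRequirements |
            Where-Object { $_ } | ForEach-Object { $_.State } |
            Select-Object -First 1
        if (-not $state) { $state = 'Disabled' }

        # Methods the user actually registered (app, SMS, voice call).
        $methods = @($User.StrongAuthenticationMethods |
            Where-Object { $_ } | ForEach-Object { $_.MethodType })

        [pscustomobject]@{
            UserPrincipalName       = $User.UserPrincipalName
            PerUserMfaState         = $state
            RegisteredMethods       = $methods -join ','
            RegisteredButNotEnabled = ($methods.Count -gt 0 -and $state -eq 'Disabled')
        }
    }
}

# Constructed sample objects shaped like Get-MsolUser output.
$sample = @(
    [pscustomobject]@{   # registered via the IDP policy, never marked Enabled
        UserPrincipalName                = 'alice@contoso.example'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @([pscustomobject]@{ MethodType = 'PhoneAppNotification'; IsDefault = $true })
    },
    [pscustomobject]@{   # enabled per-user and registered
        UserPrincipalName                = 'bob@contoso.example'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' })
        StrongAuthenticationMethods      = @([pscustomobject]@{ MethodType = 'OneWaySMS'; IsDefault = $true })
    },
    [pscustomobject]@{   # not registered at all
        UserPrincipalName                = 'carol@contoso.example'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @()
    }
)
$sample | Get-MfaRegistrationGap | Format-Table -AutoSize
```

Against a live tenant, after `Connect-MsolService`, the same function takes `Get-MsolUser -All` on the pipeline, and filtering on `RegisteredButNotEnabled` lists the accounts that will not be offered App Passwords.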