Combined registration for Azure AD MFA and Self Service Password Reset plus two other cool updates now in public preview!

Published Sep 07 2018 09:20 AM
First published on CloudBlogs on Aug, 06 2018
Howdy folks,

Today, I am excited to share some really cool improvements to Multi-Factor Authentication (MFA) and self-service password reset (SSPR) that are now in public preview! We’ve heard from our customers that having two different registration experiences causes confusion and frustration. Now, users can register once and get the benefits of both MFA and SSPR—eliminating having to register their security info for these features twice. This allows administrators to create and maintain a single set of documentation for their users and greatly simplifies the helpdesk scenarios.

We received a lot of positive feedback from customers who have been using the private preview of these improvements and now we're excited to share them with all of you. Keep reading to learn more about these improvements!

Register for MFA and SSPR in a single experience

In the current Azure AD experience, users who are enabled for both MFA and SSPR must register their security info in separate experiences. We've heard from you that this causes confusion and frustration for users, especially if they have to register the same info, such as phone number, twice.

Before: MFA registration experience.

Before: SSPR registration experience.

With the new combined experience, users can register their security info for both MFA and SSPR in a single, combined flow. This means users get to register once and benefit from both features!

A single, updated security info registration experience.

After registering, users can manage their security info from their profile or by going to security info registration.

Profile page with Edit security info link to manage security info.

Here users can add more security info, change or delete previously registered info, and choose their default methods for MFA.

Security info management page.

Users who previously registered for MFA or SSPR through the separate experiences can manage their registered info through this new experience. We have created new documentation for this experience that shows users how to register and manage their security info. We recommend that you review this documentation and use it to prepare your users for the new experience. In particular, users who are familiar with the previous app password registration experience should follow the steps listed in our app passwords tutorial to register app passwords in the new experience.

You can enable this experience for a group of users or all users in your organization today by following these steps. You can also let us know about your experience with this preview by filling out our survey.

Improved registration experience for the Microsoft Authenticator app

Not only does this new experience give users the ability to register for two features at once, but we also made each step in the registration process more intuitive. In particular, we improved the registration experience for the Microsoft Authenticator app (or any other authenticator app). Clear instructions and illustrations walk users through each step of registering their authenticator app. In addition, users who register from their mobile device can set up their account in the Microsoft Authenticator app with a single tap.

First step in the Microsoft Authenticator app registration experience.

To learn more about registering the Microsoft Authenticator app, check out our user guide.

Reset passwords using Microsoft Authenticator

Users who register the Microsoft Authenticator app (or another authenticator app) through the new security info registration experience or the current MFA registration experience can use an authenticator app to prove who they are to reset their password.

Mobile app options in Password reset settings.

You can quickly enable this feature from the Azure AD portal under Password reset settings—simply check the Mobile app notification and Mobile app code options. To learn more about how to enable your users to reset their password using the Microsoft Authenticator app, check out our documentation.

Tell us what you think

As always, we want to hear any feedback or suggestions you have. Please let us know what you think in the comments below or send us an email at ssprfeedback@microsoft.com.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division
%20initially%20requests%20Phone%20and%20Email%20instead%20of%20Authenticator%20app%2Fphone%20(and%20no%20option%20to%20register%20authenticator%20app).%26nbsp%3B%20Why%20the%20difference%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-267836%22%20slang%3D%22en-US%22%3ERe%3A%20Combined%20registration%20for%20Azure%20AD%20MFA%20and%20Self%20Service%20Password%20Reset%20plus%20two%20other%20cool%20updat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-267836%22%20slang%3D%22en-US%22%3E%3CP%3Enot%20working%20for%20me.%20where%20can%20I%20get%20more%20help%20with%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-556251%22%20slang%3D%22en-US%22%3ERe%3A%20Combined%20registration%20for%20Azure%20AD%20MFA%20and%20Self%20Service%20Password%20Reset%20plus%20two%20other%20cool%20updat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-556251%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20really%20great%20feature.%20We%20have%20enabled%20SSPR%2C%20we%20have%20Conditional%20Access%20forcing%20MFA%20when%20off%20prem%20(Using%20the%20locations%20feature%20to%20determine%20on%20prem).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20MFA%20is%20applied%20whenever%20you're%20offsite.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe'd%20like%20to%20enable%20Enforce%20MFA%20Registration%20or%20manually%20Enable%20MFA%20for%20each%20user.%20Ideally%20to%20boost%20our%20secure%20score.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20is%20recommended%20in%20this%20scenario%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-560002%22%20slang%3D%22en-US%22%3ERe%3A%20Combined%20registration%20for%20Azure%20AD%20MFA%20and%20Self%20Service%20Password%20Reset%20plus%20two%20other%20cool%20updat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-560002%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F339667%22%
20target%3D%22_blank%22%3E%40Pete99%3C%2FA%3E%26nbsp%3Bgreat%20question!%20I%20would%20not%20recommend%20enforcing%20MFA%20on%20a%20per-user%20basis.%20It%20sounds%20like%20you're%20already%20heading%20down%20the%20right%20path%20by%20requiring%20MFA%20through%20CA.%20I%20would%20recommend%20that%20you%20continue%20to%20leverage%20CA%20to%20protect%20sensitive%20resources.%20I'm%20not%20exactly%20sure%20how%20that%20would%20contribute%20to%20secure%20score%2C%20but%20I%20would%20assume%20it%20will%20only%20help%20you.%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-656292%22%20slang%3D%22en-US%22%3ERe%3A%20Combined%20registration%20for%20Azure%20AD%20MFA%20and%20Self%20Service%20Password%20Reset%20plus%20two%20other%20cool%20updat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-656292%22%20slang%3D%22en-US%22%3EAre%20you%20aware%20when%20these%20new%20features%20will%20become%20GA%20%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055035%22%20slang%3D%22en-US%22%3ERe%3A%20Combined%20registration%20for%20Azure%20AD%20MFA%20and%20Self%20Service%20Password%20Reset%20plus%20two%20other%20cool%20updat%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055035%22%20slang%3D%22en-US%22%3E%3CP%3Ecool%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-245454%22%20slang%3D%22en-US%22%3ECombined%20registration%20for%20Azure%20AD%20MFA%20and%20Self%20Service%20Password%20Reset%20plus%20two%20other%20cool%20updates%20now%20in%20public%20preview!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-245454%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3EFirst%20published%20on%20CloudBlogs%20on%20Aug%2C%2006%202018%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20Howdy%20folks%2C%20Today%2C%20I%20am%20excited%20to%20share%20some%20really%20cool%20improvements%20to%20Multi-Factor%20Authentication%20(MFA)%20and%20self-service%20password%
20reset%20(SSPR)%20that%20are%20now%20in%20public%20preview!%20We%E2%80%99ve%20heard%20from%20our%20customers%20that%20having%20two%20different%20registration%20experiences%20causes%20confusion%20and%20frustration.%20Now%2C%20users%20can%20register%20once%20and%20get%20the%20benefits%20of%20both%20MFA%20and%20SSPR%E2%80%94eliminating%20having%20to%20register%20their%20security%20info%20for%20these%20features%20twice.%20This%20allows%20administrators%20to%20create%20and%20maintain%20a%20single%20set%20of%20documentation%20for%20their%20users%20and%20greatly%20simplifies%20the%20helpdesk%20scenarios.%20We%20received%20a%20lot%20of%20positive%20feedback%20from%20customers%20who%20have%20been%20using%20the%20private%20preview%20of%20these%20improvements%20and%20now%20we're%20excited%26nbsp%3B%20to%20share%20them%20with%20all%20of%20you.%20Keep%20reading%20to%20learn%20more%20about%20these%20improvements!%3CH3%20id%3D%22toc-hId-1505387673%22%20id%3D%22toc-hId-1505387673%22%3ERegister%20for%20MFA%20and%20SSPR%20in%20a%20single%20experience%3C%2FH3%3EIn%20the%20current%20Azure%20AD%20experience%2C%20users%20who%20are%20enabled%20for%20both%20MFA%20and%20SSPR%20must%20register%20their%20security%20info%20in%20separate%20experiences.%20We've%20heard%20from%20you%20that%20this%20causes%20confusion%20and%20frustration%20for%20users%2C%20especially%20if%20they%20have%20to%20register%20the%20same%20info%2C%20such%20as%20phone%20number%2C%20twice.%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F46659iFF335AD6E53B963B%22%20%2F%3E%3CP%3E%3CEM%3E%20Before%3A%20MFA%20registration%20experience.%20%3C%2FEM%3E%3C%2FP%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F46660i5F4F2001BCA2CE86%22%20%2F%3E%3CP%3E%3CEM%3E%20Before%3A%20SSPR%20registration%20experience.%20%3C%2FEM%3E%3C%2FP%3EWith%20the%20new%20combined%20experience%20users%20can%20register%20their%20security%20info%20for%20b
oth%20MFA%20and%20SSPR%20in%20a%20single%2C%20combined%20flow.%20This%20means%20users%20get%20to%20register%20once%20and%20benefit%20from%20both%20features!%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F46661i25D917F2E325F210%22%20%2F%3E%3CP%3E%3CEM%3E%20A%20single%2C%20updated%20security%20info%20registration%20experience.%20%3C%2FEM%3E%3C%2FP%3EAfter%20registering%2C%20users%20can%20manage%20their%20security%20info%20from%20their%20profile%20or%20by%20going%20to%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fsetupsecurityinfo%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20security%20info%20registration%20%3C%2FA%3E%20.%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F46662i9A413E60F872BD76%22%20%2F%3E%3CP%3E%3CEM%3E%20Profile%20page%20with%20%3CSTRONG%3E%20Edit%20security%20info%20%3C%2FSTRONG%3E%20link%20to%20manage%20security%20info.%20%3C%2FEM%3E%3C%2FP%3EHere%20users%20can%20add%20more%20security%20info%2C%20change%20or%20delete%20previously%20registered%20info%2C%20and%20choose%20their%20default%20methods%20for%20MFA.%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F46663i02946989AA48EF45%22%20%2F%3E%3CP%3E%3CEM%3E%20Security%20info%20management%20page.%20%3C%2FEM%3E%3C%2FP%3EUsers%20who%20previously%20registered%20for%20MFA%20or%20SSPR%20through%20the%20separate%20experiences%20can%20manage%20their%20registered%20info%20through%20this%20new%20experience.%20We%20have%20created%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fsecurityinfoguide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20new%20documentation%20%3C%2FA%3E%20for%20this%20experience%20that%20shows%20users%20how%20to%20register%20and%20manage%20their%20security%20info.%20We%20recommend%20that%20you%20review%20this%20documentation%20and%20use%20it%20to%20prepare%20your%20users%20for%20the%20new%20experience.%20In
%20particular%2C%20users%20who%20are%20familiar%20with%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fuser-help%2Fmulti-factor-authentication-end-user-app-passwords%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20previous%20app%20password%20registration%20experience%20%3C%2FA%3E%20should%20follow%20the%20steps%20listed%20in%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fuser-help%2Fsecurity-info-app-passwords%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20apps%20passwords%20tutorial%20%3C%2FA%3E%20to%20register%20app%20passwords%20in%20the%20new%20experience.%20You%20can%20enable%20this%20experience%20for%20a%20group%20of%20users%20or%20all%20users%20in%20your%20organization%20today%20by%20following%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fsecurityinfodocs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20these%20steps%20%3C%2FA%3E%20.%20You%20can%20also%20let%20us%20know%20about%20your%20experience%20with%20this%20preview%20by%20filling%20out%20%3CA%20href%3D%22https%3A%2F%2Fmicrosoft.qualtrics.com%2Fjfe%2Fform%2FSV_cG9eYTRXv4Uk6sR%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%20our%20survey%20%3C%2FA%3E%20.%3CH3%20id%3D%22toc-hId--1046769288%22%20id%3D%22toc-hId--1046769288%22%3EImproved%20registration%20experience%20for%20the%20Microsoft%20Authenticator%20app%3C%2FH3%3ENot%20only%20does%20this%20new%20experience%20give%20users%20the%20ability%20to%20register%20for%20two%20features%20at%20once%2C%20but%20we%20also%20made%20each%20step%20in%20the%20registration%20process%20more%20intuitive.%20In%20particular%2C%20we%20improved%20the%20registration%20experience%20for%20the%20Microsoft%20Authenticator%20app%20(or%20any%20other%20authenticator%20app).%20Clear%20instructions%20and%20illustrations%20walk%20users%20through%20each%20step%20of%20registering%20their%20authenticator%20app.%20In%20addition%2C
%20users%20who%20register%20from%20their%20mobile%20device%20can%20setup%20their%20account%20in%20the%20Microsoft%20Authenticator%20app%20with%20a%20single%20tap.%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F46664iBE33A6E2076F100D%22%20%2F%3E%3CP%3E%3CEM%3E%20First%20step%20in%20the%20Microsoft%20Authenticator%20app%20registration%20experience.%20%3C%2FEM%3E%3C%2FP%3ETo%20learn%20more%20about%20registering%20the%20Microsoft%20Authenticator%20app%2C%20check%20out%20our%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fregisterauthapp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20user%20guide%20%3C%2FA%3E%20.%3CH3%20id%3D%22toc-hId-696041047%22%20id%3D%22toc-hId-696041047%22%3EReset%20passwords%20using%20Microsoft%20Authenticator%3C%2FH3%3EUsers%20who%20register%20the%20Microsoft%20Authenticator%20app%20(or%20another%20authenticator%20app)%20through%20the%20new%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fsetupsecurityinfo%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20security%20info%20registration%20%3C%2FA%3E%20experience%20or%20the%20current%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fmfasetup%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20MFA%20registration%20%3C%2FA%3E%20experience%20can%20use%20an%20authenticator%20app%20to%20prove%20who%20they%20are%20to%20reset%20their%20password.%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F46665i6D39F5E6F5E3768F%22%20%2F%3E%3CP%3E%3CEM%3E%20Mobile%20app%20options%20in%20Password%20reset%20settings.%20%3C%2FEM%3E%3C%2FP%3EYou%20can%20quickly%20enable%20this%20feature%20from%20the%20Azure%20AD%20portal%20under%20Password%20reset%20settings%E2%80%94simply%20check%20the%20%3CSTRONG%3E%20Mobile%20app%20notification%20%3C%2FSTRONG%3E%20and%20%3CSTRONG%3E%20Mobile%20app%20code%20%3C%2FSTRONG%3E%20options.%20To%20learn%20more%20about%20how%20to%20enable%20your%20users%20t
o%20reset%20their%20password%20using%20the%20Microsoft%20Authenticator%20app%2C%20check%20out%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fauthappsspr%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20our%20documentation%20%3C%2FA%3E%20.%3CH3%20id%3D%22toc-hId--1856115914%22%20id%3D%22toc-hId--1856115914%22%3ETell%20us%20what%20you%20think%3C%2FH3%3EAs%20always%2C%20we%20want%20to%20hear%20any%20feedback%20or%20suggestions%20you%20have.%20Please%20let%20us%20know%20what%20you%20think%20in%20the%20comments%20below%20or%20send%20us%20an%20email%20at%20%3CA%20href%3D%22mailto%3Assprfeedback%40microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%20ssprfeedback%40microsoft.com%20%3C%2FA%3E%20.%20Best%20regards%2C%20Alex%20Simons%20(Twitter%3A%20%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Falex_a_simons%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%20%40Alex_A_Simons%20%3C%2FA%3E%20)%20Director%20of%20Program%20Management%20Microsoft%20Identity%20Division%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-245454%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20CloudBlogs%20on%20Aug%2C%2006%202018%20Howdy%20folks%2C%20Today%2C%20I%20am%20excited%20to%20share%20some%20really%20cool%20improvements%20to%20Multi-Factor%20Authentication%20(MFA)%20and%20self-service%20password%20reset%20(SSPR)%20that%20are%20now%20in%20public%20preview!%20We%E2%80%99ve%20heard%20from%20our%20customers%20that%20having%20two%20different%20registration%20experiences%20causes%20confusion%20and%20frustration.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-245454%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EProduct%20Announcements%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update: Jul 24 2020 01:55 AM
Updated by: