
CA MFA Setup


Hello

I configured a conditional access policy to prevent users from registering security information outside our network. The policy works when a user goes to https://aka.ms/mysecurityinfo

When a user goes to https://aka.ms/mfasetup, he can start the registration process.

I want to know whether this is normal behaviour or a known problem.

Thank you for your reply

1 Reply

Hi there @awaaziz,

 

I came across your post here while trying to investigate an issue where aka.ms/mfasetup kept me in a login loop where I would be prompted to enter my username, password, YubiKey PIN, and tap the YubiKey over and over again.

 

I found that aka.ms/setupsecurityinfo did not do this and I was able to manage my MFA authentication methods. I couldn't find anything else online that suggested there might be something different about these two short URLs. However, I stumbled upon this little note in portal.azure.com -> Azure Active Directory -> Password Reset -> Authentication Methods that suggests /setupsecurityinfo may be newer (green emphasis mine)

 

Users can register their mobile app at https://aka.ms/mfasetup or in the new security info registration experience at https://aka.ms/setupsecurityinfo. You can enable security info registration for your organization by following steps at https://aka.ms/securityinfodocs. For additional help on using Authenticator app methods visit https://aka.ms/authappsspr.

While it doesn't answer your question, it at least suggests there is a difference between the two.

As for your actual question, I should warn you that in my experience so far, creating a Conditional Access Policy using the Register security information User Action (under Cloud apps or actions) applies not only to MFA/SSPR registration, but also password resets. So, if you deploy this setting, you will need to make sure all of your users will be able to meet whatever conditions you set for managing MFA AND passwords.
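
An added example, not part of the thread and not Microsoft's code: a small Python check over a Conditional Access policy export (the JSON shape returned by Microsoft Graph's /identity/conditionalAccess/policies) that finds policies targeting the Register security information user action and lists what to review before relying on them. The sample export, policy names and the function name are constructed for illustration.

```python
import json

REGISTER_ACTION = "urn:user:registersecurityinfo"  # Graph value for "Register security information"

# Constructed sample in the shape of a Graph policy listing (not taken from the thread).
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Block security info registration off-network",
   "state": "enabled",
   "conditions": {
     "users": {"includeUsers": ["All"], "excludeUsers": [], "excludeGroups": []},
     "applications": {"includeUserActions": ["urn:user:registersecurityinfo"]},
     "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
  {"displayName": "Require MFA for all apps",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {
     "users": {"includeUsers": ["All"]},
     "applications": {"includeApplications": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]}
""")

def audit_registration_policies(export):
    """Return one finding per policy that targets the Register security information action."""
    findings = []
    for policy in export.get("value", []):
        cond = policy.get("conditions") or {}
        actions = (cond.get("applications") or {}).get("includeUserActions") or []
        if REGISTER_ACTION not in actions:
            continue  # policy targets cloud apps or another user action
        users = cond.get("users") or {}
        locations = cond.get("locations") or {}
        controls = (policy.get("grantControls") or {}).get("builtInControls") or []
        notes = []
        if policy.get("state") == "enabled":
            # The reply's caveat: in the replier's experience this also gates password resets.
            notes.append("enforced: users in scope must meet these conditions")
        if "block" in controls and "AllTrusted" in (locations.get("excludeLocations") or []):
            notes.append("registration blocked outside trusted locations")
        if not (users.get("excludeUsers") or users.get("excludeGroups")):
            notes.append("no excluded users/groups: emergency accounts are in scope")
        findings.append({"policy": policy["displayName"],
                         "state": policy.get("state"), "notes": notes})
    return findings

if __name__ == "__main__":
    for f in audit_registration_policies(SAMPLE_EXPORT):
        print(f["policy"], f["state"], *f["notes"], sep="\n  - ")
```

A policy left in the `enabledForReportingButNotEnforced` state would not produce the "enforced" note, which makes it easy to see which registration policies are live before users hit them.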