May 05 2021 11:03 AM
Hello
I configure conditional access policy to prevent users to register security information outside ours network. The policy working when user go to https://aka.ms/mysecurityinfo
when user go to https://aka.ms\mfasetup he can start the process for registration
I want to know is this normal behaviour or a known problem
Thank you for your reply
May 05 2022 01:53 PM
Hi there @awaaziz,
I came across your post here while trying to investigate an issue where aka.ms/mfasetup kept me in a login loop where I would be prompted to enter my username, password, YubiKey PIN, and tap the YubiKey over and over again.
I found that aka.ms/setupsecurityinfo did not do this and I was able to manage my MFA authentication methods. I couldn't find anything else online that suggested there might be something different about these two short URLs. However, I stumbled upon this little note in portal.azure.com -> Azure Active Directory -> Password Reset -> Authentication Methods that suggests /setupsecurityinfo may be newer (green emphasis mine)
Users can register their mobile app at https://aka.ms/mfasetup or in the new security info registration experience at https://aka.ms/setupsecurityinfo. You can enable security info registration for your organization by following steps at https://aka.ms/securityinfodocs. For additional help on using Authenticator app methods visit https://aka.ms/authappsspr.