Mar 26 2024 01:09 PM
We're looking to roll out MFA for all our users, specifically just for any access to their Exchange Online and Microsoft Teams. I've followed the instructions from Microsoft's Knowledge article: https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa
What I have set up:
New Conditional Access Policy (MFA Pilot):
Users > At the moment just including a specific group that I have my test users part of.
Target Resources > Cloud Apps > Office 365 Exchange Online & Microsoft Teams
Conditions > Client Apps > Enabled and checked all "Modern authentication clients" options (Browser/Mobile app and desktop clients/Legacy authentication clients/Exchange ActiveSync clients/Other clients)
Grant > Grant Access > Require multifactor authentication (Enabled)
Under Protection > Authentication Methods
Microsoft Authenticator (Enabled) > Authentication Mode: Any
Only Targeting the group my test users are in.
From my understanding, with all of that enabled and set, when an account that is currently not set up for MFA yet logs into anything Exchange Online (or just signs into office.com for the first time), it should be triggered to get enrolled and register for the first time.
I've set these and it's been about 2 hours, and when I use one of my test accounts and log into office.com with it on a different machine, it still just logs in normally and doesn't trigger enrollment into MFA.
Help!