

The policy is set to Passwordless, the user won't be eligible for the Authentication Methods Policy: Users will need to be enabled for the Authenticator app and the Authentication mode set to Any or Push.

Perhaps this is referring to something else?

I believe this is referring to the Multifactor authentication registration policy in Identity Protection, but I enabled it and it didn't seem to have an effect.

MFA Registration Policy: Users will need to be enabled for Notification through mobile app.

This shouldn't be an issue as this is a new environment and I haven't registered any Authenticator apps yet.

Admins need to enable users for the Authenticator app using one of.

Users can't have already set up the Authenticator app for push

There also appears to be an MFA server, but I am assuming that this is not applicable, so I have ignored it.

I don't think that I want MFA enabled through security defaults (again, trying to avoid using phone number) or via Identity Protection (seems to be superseded by conditional access).

Also, wouldn't doing this defeat the purpose of using the Authenticator app? and it's unclear which MFA option I should be using.

I tried adding MFA on all sign-ins with conditional access, and it didn't seem to have an effect.

It seems there are multiple ways to enable MFA, and it isn't clear which methods are appropriate.

Every edition of Azure AD includes Azure AD Your organization must have enabled Azure AD Multi-Factor Authentication.

I will outline my confusion with the prerequisites:

Working through the pre-requisites mentioned in the article, I tried several configurations but was never able to get a new user prompted to register the Authenticator app. I have Security Defaults turned off, I have enabled Microsoft Authenticator and Email OTP authentication methods, I have enabled the registration campaign, and currently I believe no forms of MFA are turned on (but I had tried a few).

I am trying to implement the 'registration campaign' feature in the Azure portal.
