
When you set a user to an "Enforced" state, anything that uses legacy authentication will no longer work. In Microsoft 365, legacy authentication can't make use of MFA.

See Microsoft documentation: Common problems with two-factor verification and your work or school account

Let's get started!

Configuring your environment

Before using Legacy MFA, you'll need to do the following:

This will allow you to roll out MFA usage without disruption.

For more information on these terms and this approach in general, read the Microsoft documentation.

If you choose this option, we will guide you through how to prepare the necessary parts of your environment, encourage users to enrol for MFA, and periodically set enrolled users to an "Enforced" state, causing them to then require MFA on future logins. However, at best this should be an interim solution until you are able to transition to Security Defaults or Conditional Access - all accounts without MFA represent a potential security risk as they are available with a single factor of authentication.

Otherwise, if you really can't get everyone using MFA, and so can't use Security Defaults, you can use this approach to selectively enable MFA, such as on high-privilege accounts - this is much better than not using MFA at all if Security Defaults doesn't work for you. If you have Azure AD Premium P1 licenses, there is no reason to use Legacy MFA - you should be using Conditional Access as it provides all the same features and flexibility but with far better support.

Users are prompted for MFA on every login, regardless of what they're accessing. It allows you to enable MFA per-user and to create exceptions where necessary but is only configurable via a separate legacy web panel or PowerShell. Per-user (or legacy) MFA, as the name suggests, is no longer Microsoft's preferred option for using MFA in Microsoft 365.
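
The periodic step described above, moving users who have already enrolled to the "Enforced" state, can be scripted as in the following added example (not code from the original page or from Microsoft). It assumes the MSOnline PowerShell module is installed and a session has been opened with `Connect-MsolService`; the function names and the `-ExcludeUpn` parameter are hypothetical.

```powershell
#Requires -Modules MSOnline
# Added example. Assumes Connect-MsolService has already been run in this session.

function Get-PerUserMfaState {
    param([Parameter(Mandatory)] $User)
    # An empty StrongAuthenticationRequirements list means per-user MFA is Disabled.
    $state = $User.StrongAuthenticationRequirements |
        Select-Object -First 1 -ExpandProperty State
    if ($state) { "$state" } else { 'Disabled' }
}

function Set-EnrolledUsersEnforced {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical exclusion list, e.g. accounts that still depend on legacy authentication.
        [string[]] $ExcludeUpn = @()
    )

    # RelyingParty '*' applies the requirement to every application.
    $requirement = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $requirement.RelyingParty = '*'
    $requirement.State = 'Enforced'

    # Only touch users who have registered at least one MFA method and are not
    # yet Enforced, so nobody is locked out before they have enrolled.
    Get-MsolUser -All |
        Where-Object {
            $_.StrongAuthenticationMethods.Count -gt 0 -and
            (Get-PerUserMfaState $_) -ne 'Enforced' -and
            $_.UserPrincipalName -notin $ExcludeUpn
        } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.UserPrincipalName, 'Set per-user MFA state to Enforced')) {
                Set-MsolUser -UserPrincipalName $_.UserPrincipalName `
                    -StrongAuthenticationRequirements @($requirement)
            }
            # Emit a record of each account selected, for the change log.
            [pscustomobject]@{
                UserPrincipalName = $_.UserPrincipalName
                PreviousState     = Get-PerUserMfaState $_
            }
        }
}

# Dry run: lists who would be enforced without changing anything.
Set-EnrolledUsersEnforced -WhatIf
```

Run it with `-WhatIf` first and review the list for accounts that still rely on legacy authentication, since those stop working once the account is Enforced.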
