Just use the "group" condition, if you need step by step instructions check here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa?toc=/azure/active-directory/conditional-access/toc.json&bc=/azure/active-directory/conditional-access/breadcrumb/toc.json
Enabling 2FA/MFA with Azure Conditional Access Policy?
I'm using Azure AD Premium P2, and also Hybrid Synched OnPremise AD DS to Azure AD with Azure AD Connect (PHS).
I need to enable specific team members that is in specific AD security group to have the 2FA/MFA enabled.
Total Number of users 1000+ spread geographically around the world.
Current Limitation is, MFA/2FA can only be enabled by Global Admins, which is just 4 people across the regions.
How can I achieve this with Conditional Access Policy in Azure by adding the specific users to the AD security Group called 'Secured Users Group' ?
I need some steps and the guidance in this, so that the Global Admins do not need to manually enable 2FA/MFA one by one.