If you already have the necessary licensing, go with CA policies. They offer a lot more flexibility, and this is where Microsoft is making future improvements. The per-user MFA settings will eventually be deprecated.
Conditional Access on user level or CA rules
Hello,
I'm at the moment securing my tenant's MFA via Conditional Access rules.
I see you can setup MFA from the url https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx (admin center and also set Trusted locations)
On the other hand you can also set trusted locations via Conditional Access.
Now the question is wish one of the two will have the upperhand? The CA or The MFA settings?
Do i need to enable trusted locations in CA and in Azure url shown above?
I got a user that logs in that gets the question to "add a phone number to keep the account safe", i don't want that.
Kind regards,
Tom