What happens if you only have 10 users out of 50 who need to have their accounts protected by conditional access but you want all staff protected by MFA?

Shane Fallon 0 Reputation points
2024-01-25T18:44:52.29+00:00

I have a client who has 10 Business Premium accounts and the rest of E1.
They would like to have a Geofence set up using Conditional Access for just those 10 users but have MFA enabled for everyone.

To use conditional access we need to disable Security Defaults.
Is there a way to ensure that the Security Default protection is still enabled for those who aren't in the Conditional Access Policy? They don't want to spend the extra money getting those E1 accounts a P1 license and it's confusing as the wording from what I can tell is that to use Conditional Access for any user requires a P1 license but to use MFA for all users template is technically using a conditional access policy.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,604 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Andy David - MVP 137.9K Reputation points MVP
    2024-01-25T19:27:23.7566667+00:00

    Yea, its a one or the other thing. https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#enabling-security-defaults You can use a CA policy for those 10 users and enable per-user MFA for the others of course: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userstates

    0 comments No comments