Yea, its a one or the other thing. https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#enabling-security-defaults You can use a CA policy for those 10 users and enable per-user MFA for the others of course: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userstates
What happens if you only have 10 users out of 50 who need to have their accounts protected by conditional access but you want all staff protected by MFA?
I have a client who has 10 Business Premium accounts and the rest of E1.
They would like to have a Geofence set up using Conditional Access for just those 10 users but have MFA enabled for everyone.
To use conditional access we need to disable Security Defaults.
Is there a way to ensure that the Security Default protection is still enabled for those who aren't in the Conditional Access Policy? They don't want to spend the extra money getting those E1 accounts a P1 license and it's confusing as the wording from what I can tell is that to use Conditional Access for any user requires a P1 license but to use MFA for all users template is technically using a conditional access policy.