25,113 questions
AFAIK, the users' MFA registration information would remain valid - eliminating the need for users to re-register
hth
Marcin
Moving away from Security defaults
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 39%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AnnaG
166
Reputation points
Hi all We want to move away from security defaults to something like per-user MFA or CA policies. Ideally the latter but CA and security defaults cant be used at the same time so a better route might be move from one to the other as we don't want MFA disabled for too long, if at all. We've got the license to use CA. We want to ensure none of our users needs to be asked again for MFA registration so the transition is as non impacting as possible. I feel as long as we have the correct auth methods in place for each account (authentication being key as security defaults uses this), we should be fine when moving to the other options? Might be better to progress to CA at a later stage as well as I realize it is CA or Security defaults only and not both at same time. Any advise would be appreciated from those that have moved already. Thanks in advance.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Marcin Policht 50,260 Reputation points MVP Volunteer Moderator2024-02-17T00:56:15.4666667+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator2024-02-20T12:02:12.99+00:00 Hi @AnnaG
Thank you for posting your query on Q&A.
I understand that you are switching from Security Defaults to Conditional Access (CA) policies or per-user MFA in Entra ID.
When you enable Security Defaults in Azure, all users are required to register for Multi-Factor Authentication (MFA).
If you are switch to Conditional Access policies, the MFA registrations done under Security Defaults will still be valid and users will not be asked to register for MFA again if they have already done so under Security Defaults
If a user has not registered for MFA under the previous Security Defaults, and they hit a condition in your Conditional Access policy that requires MFA, they will be prompted to register at that time.
I hope this information helps! please Feel free to ask any questions you may have.
Thanks,
Akhilesh.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
-
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
2024-02-22T06:50:56.13+00:00 Hi @AnnaG
Following up to see if the above answer was helpful. If this answers your query, do click
Accept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know. -
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
2024-02-24T02:56:11.9866667+00:00 Hi @AnnaG Following up to see if the above answer was helpful. If this answers your query, do click
Accept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know.
Sign in to comment -