After Security Defaults are enabled after 14 days, how long until users are prompted for MFA

Sean Smith 20 Reputation points


We are were prompted during Microsoft SSO that the Security Defaults for our tenant will be enabled. As we are still prepping to roll out MFA for users, I am curious on how quickly the users will be prompted to register for MFA?

Ideally, we need a little more time to prep and would just like to toggle disable and save to buy us more time?

Also, would that just start the 14 day timer over from the enable prompt?

Thank you for your time!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,908 questions
0 comments No comments
{count} votes

Accepted answer
  1. Akhilesh 5,635 Reputation points Microsoft Vendor

    Hi @Sean Smith

    Thank you for reaching out to the community forum!

    If you Enable the Security Defaults for your tenant will prompt all users to register for MFA immediately.

    All users have 14 days to register using the Microsoft Authenticator app after the 14 days pass, the user can't sign in until registration is completed.

    If you need more time to prepare for MFA rollout, you can disable Security Defaults temporarily or
    you can disable Security Defaults and then re-enable it later, the 14-day timer for MFA registration will start over from the time you re-enable it. This means that users who have already registered for MFA will not be prompted to register again, but users who have not registered will be prompted to register within 14 days.

    Hope this helps. Do let us know if you any further queries.



    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. Marcin Policht 14,185 Reputation points MVP

    Users will be prompted to register for MFA for 14 days following their initial login as soon as you enable Security Defaults. After that period, they will be forced to register for MFA

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.



    0 comments No comments

  2. Sean Smith 20 Reputation points

    Thank you!

    0 comments No comments