Share via

Setup MFA for Account

Rising Flight 5,216 Reputation points
2024-05-02T19:34:06.2866667+00:00

Hi All

i have an Azure AD account and i want to set up MFA for it. This account is a global admin account. i have logged in with this account.

Microsoft Entra ID-->users--> i have selected this account. Under Authentication methods, i see two options

Require re-register multifactor authentication & Revoke multifactor authenticaton sessions. i dont see option to setup MFA.i have a thrid party application which stores secrets. If i get the code and I can insert the code in the third party application and i control the MFA from that application. This is my requirement.

  1. Is there any option in Entra id to know the password related information. i.e do we have option for password never expires.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other
0 comments
Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2024-05-02T20:11:19.2633333+00:00

    Hello! Both options will always be available, but they do not necessarily signal that Multi-Factor Authentication (MFA) applies to the account. To ensure MFA enrollment, you must enforce it through one of the following methods:

    1. Security Defaults: Enabling security defaults in Azure AD ensures that MFA is required for all users in your organization. It's a simple way to enhance security without complex configurations.
    2. Per-User MFA: With per-user MFA policies, you can selectively enforce MFA for specific users. This approach allows more flexibility and customization.
    3. Conditional Access: Use conditional access policies to define specific conditions under which MFA is required. For example, you can enforce MFA based on location, device type, or risk level.

    Regarding password information, it's all stored in the passwordProfile property. This property contains details related to password management, including password change history and expiration policies.

    Let me know if you need additional or more detailed guidance. If this answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution. 🌟

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rising Flight 5,216 Reputation points
    2024-05-03T03:39:51.0466667+00:00

    when i follow the below article i dont see the MFA settings to enable for this particular user.

    https://k21academy.com/microsoft-azure/az-500/azure-ad-multi-factor-authentication/

    0 comments
  2. Alan La Pietra (CSA) 80 Reputation points Microsoft Employee
    2024-05-03T10:40:17.02+00:00

    Hi, be aware that Per-User MFA will be deprecated in favour of Authentication Methods.

    In EntraID you will see legacy option Multifactor Authentication and new option Authentication Methods.

    You will need to enable the new Authentication Methods, then go into the legacy MFA and disable the Per-User MFA. Disable service flags that map to new methods. Disable SSPR if enabled. Go to Authentication Methods and select Manage Migration and confirm "migration complete". Re-enable SSPR.

    For MFA you will need to create Conditional Access policies.

    I suggest to create all the common recommended CA policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-admin-mfa

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.