Share via

Can a group be created where Multi-Factor Authentication is not enforced after the transition to the new Authentication methods policy?

Lukas Lüdecke 0 Reputation points
2024-09-09T09:08:13.77+00:00

Hello!

We are going to transition to the new Authentication methods policy and have some users for whom enforcing MFA is not feasible (for example, primary school children who don't have phones). Will it be possible to create a group for these users where MFA is not enforced?

Thanks in advance for your help!

Best regards,
Lukas

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Authenticator

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 123.5K Reputation points MVP Volunteer Moderator
    2024-09-09T16:43:03.1933333+00:00

    Yes, you can scope each authentication methods to select groups as needed. Both include and exclude mode are supported. And you can continue using per-user MFA if you want, it's still available.

    0 comments
  2. Prakash Vankudoth 85 Reputation points Microsoft External Staff
    2024-09-11T07:18:27.3866667+00:00

    Hi, Lukas Lüdecke

    Adding information provided by the Vasil Michev,

    If you have premium license in your tenant, you can create a new conditional access policy.
    Follow the below link to create a policy: Enable Microsoft Entra multifactor authentication - Microsoft Entra ID | Microsoft Learn

    Please reach out to us for further queries.

    Thanks,

    Prakash V.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.