Can a group be created where Multi-Factor Authentication is not enforced after the transition to the new Authentication methods policy?

Lukas Lüdecke 0 Reputation points
2024-09-09T09:08:13.77+00:00

Hello!

We are going to transition to the new Authentication methods policy and have some users for whom enforcing MFA is not feasible (for example, primary school children who don't have phones). Will it be possible to create a group for these users where MFA is not enforced?

Thanks in advance for your help!

Best regards,
Lukas

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,900 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,825 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Vasil Michev 106.3K Reputation points MVP
    2024-09-09T16:43:03.1933333+00:00

    Yes, you can scope each authentication methods to select groups as needed. Both include and exclude mode are supported. And you can continue using per-user MFA if you want, it's still available.

    0 comments No comments

  2. Prakash Vankudoth (Quadrant Resource LLC) 5 Reputation points Microsoft Vendor
    2024-09-11T07:18:27.3866667+00:00

    Hi, Lukas Lüdecke

    Adding information provided by the Vasil Michev,

    If you have premium license in your tenant, you can create a new conditional access policy.
    Follow the below link to create a policy: Enable Microsoft Entra multifactor authentication - Microsoft Entra ID | Microsoft Learn

    Please reach out to us for further queries.

    Thanks,

    Prakash V.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.