- MFA with Microsoft Entra ID Free License: Implementing MFA directly with the Microsoft Entra ID Free tier is limited. However, you can still enable Security Defaults, which enforces MFA for all users without needing P1 or P2 licenses. Note that this is less flexible and doesn't allow customization, such as applying MFA only to certain groups.
- Licensing for MFA in P1/P2: When you upgrade to Microsoft Entra ID P1 or P2, you only need to license users who require access to premium features like MFA. You can assign licenses to selected users or groups rather than all synced users from your on-prem directory. So, you're only charged for the users who need these features.
- Trial Rollback: After completing a trial of Microsoft Entra ID P1 or P2, you can roll back to the free tier license. However, premium features like Conditional Access or MFA for specific users will no longer be available, and you’ll need to adjust any policies relying on those premium features.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin