Share via

On MFA what is the difference between enabled and enforced

Rose Ahmed 25 Reputation points
2025-06-09T07:59:29.43+00:00

On MFA what is the difference between enabled and enforced for individual users

Exchange Online
Exchange Online
A Microsoft email and calendaring hosted service.
6,178 questions
0 comments
Accepted answer
  1. Jack-Bu 2,220 Reputation points Microsoft External Staff Moderator
    2025-06-09T10:04:20.97+00:00

    Hi Rose Ahmed

    Good day! Thank you for posting your question in the Microsoft Q&A forum.

    Based on your question, you might want to know the difference between the two MFA (Multi-Factor Authentication) states on Microsoft Azure Active Directory: enabled and enforced. After conducting my own research, I have gathered the following information: 

    Microsoft Azure Active Directory uses various terms to show the status of MFA for each user:

    • MFA Enabled: User has the option to set up MFA, but it is not required. They will be prompted to complete the registration process the next time they sign in. However, users only have 15 days to register for MFA, after which it becomes mandatory.
    • MFA Enforced: User is required to set up MFA and cannot access their account until they have completed the MFA setup process. User will need to verify their identity with MFA every time they log in.

    I hope the above information helps you. If you have any other questions or if I misunderstood your query, please feel free to let me know!

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".         

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.   

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abrar Adil S 401 Reputation points
    2025-06-09T08:43:14.78+00:00

    Hello **Rose Ahmed

    Enabled:** MFA has been turned on for the user, the user will be prompted to register for MFA (e.g., set up the Microsoft Authenticator app or add a phone number) the next time they sign in.Enforced: User has completed MFA registration, and MFA is now fully required during sign-in.Going forward, they’ll need to verify their identity with their second factor (e.g., app notification or phone verification) whenever MFA is triggered.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment".

    0 comments
  2. Rose Ahmed 25 Reputation points
    2025-06-10T06:31:35.0433333+00:00

    Thanks Guys that was most helpful and explained clearly the difference.

    Wish you both a lovely day.

    Rose

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.