Avoid switching to Enforced after enrolling

Miguel Angel 21 Reputation points


We are starting to use MFA in our company, but we do not want to use Enforced method, only the Enabled. I understand that after the registration users switch to Enforced, but how can i avoid that? Even if i register the phone for them before their first time login it will do the registration and it switch to enforced.

Please provide a little guidance.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,547 questions
No comments
{count} votes

2 answers

Sort by: Most helpful
  1. KAREDD-MSFT 391 Reputation points Microsoft Employee


    I am afraid it's not feasible to get MFA to work in just enabled mode. However, We recommend using Conditional Access policies to trigger MFA.

    With CA policies, you can control in which scenario, the user should be prompted for MFA and users will be prompted accordingly. I would recommend going through this doc to understand more about CA policy and how to create them.

  2. Miguel Angel 21 Reputation points

    I guess then i did the incorrect question, is the Enforced Method the one that is forcing the apps to have a custom password? Because that is what we do not want to use in particular, we want to keep using the Domain password of the user account