This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
I am trying to understand the difference between enabling and enforcing MFA (as an admin) from user's perspective/experience.
According to Microsoft when you enable MFA on "per user MFA" menu, a window pops up asking the user to finalize the MFA procedure. When the procedure is done the status changes from "enabled" to "enforced".
What would happen from user's perspective if i enforce MFA to a user instead of enabling it?
Thank you,
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
Hi did you ever find out why this happens? Where some are showing as Enforced and some showing Enabled? I am facing similar issues where I know we have done it and "Enforced" it but still shows "Enabled" on some.
This is definitely not accurate. MFA is enabled and activated for all of my users, but some are marked as enabled and some as enforced. Further, I have the option to enforce MFA for some but not others with no obvious pattern for which is which.
When MFA is enabled, users are asked to set up MFA next time they sign in, whether "enforced" or not. Enforcement is evidently something I can do at the back end (since I have a button for it) and is nothing to do with whether the user has completed the process or not.
Can you explain this apparent discrepancy, and perhaps explain why I might have the option to enforce for some users and not others? There are no user-specific policies in use to the best of my knowledge.
Dear Palaiologou Vlasis,
Thanks for your update!
I did some further search on this based on O365 envriroment, the "MFA enabled" and "MFA enforced" are more often referring to the users MFA status when you viewing them in the Azure AD:
User states may be set as disabled, enabled or enforced:
At the same time, based on my testing, it also works like this.
I think this would be more clear, hope it can be useful for you.
Thanks for your time and your understanding would be highly appreciated.
Sincerely,
Sherry | Microsoft Community Moderator
So enabling the MFA does not pop up the MFA procedure, it is just gives the user the option to register through office 365 menu (?). User can just ignore it though and continue without registering.
Enforcing MFA on the other hand does not allow user to access it's account unless completing the registration and it pops up the "more information required" window, correct?
Dear Palaiologou Vlasis,
Good day! Thank you for posting to Microsoft Community. We are happy to assist you.
Based on your description, you want to know the difference between enabling and enforcing MFA.
Enabling MFA for a user means that the user has the option to set up MFA, but it is not required. Enforcing MFA means that the user is required to set up MFA and cannot access their account until they have completed the MFA setup process.
If you enforce MFA for a user, they will be prompted to set up MFA the next time they log in to their account. They will not be able to access their account until they have completed the MFA setup process. Once they have completed the setup process, they will be required to use MFA every time they log in to their account.
Enabling MFA gives the user the option to set it up, but they can still access their account without MFA. Enforcing MFA requires the user to set it up and use it every time they log in.
I hope the information abave can be usesful. If there is any update or I misunderstand you, please feel free to let me know. I will continue to assist you. Your understanding and co-operation are highly appreciated.
Thanks for your precious time. Have a nice day.
Sincerely,
Sherry | Microsoft Community Moderator