Azure AD MFA

asked 2021-11-21T14:34:00.23+00:00
yasser Mohamed AbdelMoneim 286 Reputation points

Hello

can we apply MFA verification option per user or group ?

for example can i enforce some users to use MFA with verification option ( call to phone) and another group using test message to phone) or can we can segregate by applications also , each application when user need to access it should shown different verification option?

151273-verification.png

when we enroll the the user to use MFA , can we send them automatic email to each user to invite him to user and enroll MFA service?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,570 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2021-11-22T09:42:54.487+00:00
    Clément BETACORNE 2,011 Reputation points

    Hello,

    As far as I know it is not possible to have different type of MFA verification based on users or groups.
    For the segregation per application it's the same I'm not aware of something like that, for me if the user registered for one method of MFA it will be used for any applications this user will access if MFA is configured for the application via conditional access or per user MFA
    For the MFA enrollment you can use something like Identity Protection which will help you enforce MFA registration at sign in
    https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies

    If you use MFA registration policy with Identity Protection no need for email because users will be prompted to register for MFA at sign-in
    I'm not aware of something out-of-box regarding automatic email to notify user to register for MFA, I think you will have to create your routine

    Regards,

    No comments