Azure AD MFA

yasser Mohamed AbdelMoneim 291 Reputation points
2021-11-21T14:34:00.23+00:00

Hello

Can we apply an MFA verification option per user or group?

For example, can I enforce some users to use MFA with one verification option (call to phone) and another group using text message to phone, or can we segregate by applications also, so that each application, when a user needs to access it, shows a different verification option?

151273-verification.png

When we enroll the user to use MFA, can we send an automatic email to each user to invite him to use and enroll in the MFA service?


1 answer

  1. Clément BETACORNE 2,031 Reputation points
    2021-11-22T09:42:54.487+00:00

    Hello,

    As far as I know, it is not possible to have different types of MFA verification based on users or groups.
    For the segregation per application it's the same; I'm not aware of something like that. For me, if the user registered for one method of MFA, it will be used for any application this user accesses, if MFA is configured for the application via conditional access or per-user MFA.
    For the MFA enrollment, you can use something like Identity Protection, which will help you enforce MFA registration at sign-in:
    https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies

    If you use the MFA registration policy with Identity Protection, there is no need for email because users will be prompted to register for MFA at sign-in.
    I'm not aware of something out-of-the-box regarding automatic email to notify users to register for MFA; I think you will have to create your own routine.

    Regards,

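One way the "create your own routine" suggestion in the answer could look, as an added example that is not part of the original thread: it reads the Microsoft Graph `userRegistrationDetails` report page by page, keeps member accounts with no MFA method registered, and builds a `sendMail` request for each. The sender mailbox, the sample users and the use of the UPN as the mail address are assumptions, and the sample responses are constructed so the code runs offline.

```python
GRAPH = "https://graph.microsoft.com/v1.0"
REPORT = GRAPH + "/reports/authenticationMethods/userRegistrationDetails"
SENDER = "it-helpdesk@contoso.example"  # constructed placeholder mailbox
ENROLL_URL = "https://aka.ms/mfasetup"   # Microsoft's MFA registration short link

# Constructed sample responses, keyed by request URL, so the example runs offline.
SAMPLE_PAGES = {
    REPORT: {
        "value": [
            {"userPrincipalName": "alice@contoso.example", "userDisplayName": "Alice",
             "userType": "member", "isMfaRegistered": True},
            {"userPrincipalName": "bob@contoso.example", "userDisplayName": "Bob",
             "userType": "member", "isMfaRegistered": False},
        ],
        "@odata.nextLink": REPORT + "?$skiptoken=page2",
    },
    REPORT + "?$skiptoken=page2": {
        "value": [
            {"userPrincipalName": "eve_fabrikam.example#EXT#@contoso.example",
             "userDisplayName": "Eve", "userType": "guest", "isMfaRegistered": False},
            {"userPrincipalName": "carol@contoso.example", "userDisplayName": None,
             "userType": "member", "isMfaRegistered": False},
        ],
    },
}

def pending_users(fetch):
    """Walk every report page (AuditLog.Read.All); return members with no MFA registered."""
    pending, url = [], REPORT
    while url:
        page = fetch(url)  # fetch(url) -> parsed JSON; an authenticated GET in production
        for row in page.get("value", []):
            is_member = (row.get("userType") or "member").lower() == "member"
            if is_member and not row.get("isMfaRegistered") and row.get("userPrincipalName"):
                pending.append(row)
        url = page.get("@odata.nextLink")  # absent on the last page
    return pending

def build_invitation(row):
    """Return (url, JSON body) for a Graph sendMail call (needs Mail.Send) inviting one user."""
    upn = row["userPrincipalName"]  # assumption: the UPN is also the user's mailbox address
    text = f"Hello {row.get('userDisplayName') or upn},\n\nPlease register for MFA at {ENROLL_URL}."
    message = {"subject": "Action required: register for multi-factor authentication",
               "body": {"contentType": "Text", "content": text},
               "toRecipients": [{"emailAddress": {"address": upn}}]}
    return f"{GRAPH}/users/{SENDER}/sendMail", {"message": message, "saveToSentItems": False}

if __name__ == "__main__":
    for user in pending_users(SAMPLE_PAGES.__getitem__):
        print(build_invitation(user))
```

In production, `fetch` and the `sendMail` POST both need a bearer token for an app or account that holds the permissions named in the docstrings.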