Share via

[MSDN Redirect] Conditional Access

SwathiDhanwada-MSFT 18,771 Reputation points
2020-02-04T04:34:46.803+00:00

Hello,

When trying to setup MFA I selected an option that has resulted in problems signing in.

At first I enabled the Conditional Access policy which requires MDF for admins.This worked fine and we had to use the MS Authenticator app for sign in.But we wanted a backup solution so we were searching for a way to also have the option to login with text message. The additional security verification was missing when accessing the user profile. Until we went to the AD Directory properties and enabled the security default option.

The problem now is that MFA is required for all users, not admins only..When reading more about MFA, I suspect this is because we enabled the security defaults in the Azure AD Properties. I went back and put this setting back to No. But now the Baseline policies in Conditional Access don't show up anymore. How can I restore these policies?

We are using Office 365 Business licenses. So, I assume this is a Free Azure AD we are using.

The most important part is how to disable MFA for all users. We have general mailboxes, for which it is not applicable to add a MS Authenticator app, because it isn't a personal mailbox. (Why we don't use shared mailboxes for this, is because these can't be used/viewed on mobile phones.)

Many thanks in advance for helping us out.

Steve

Source

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,119 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AmanpreetSingh-MSFT 56,646 Reputation points
    2020-02-04T09:33:51.37+00:00

    Once "Security Defaults" are enabled, you can never go back to Baseline policies. Enabling "Security Defaults" automatically disables all baseline policies which results in their deletion. There is no way to recover the baseline policies as these are deprecated and being removed from all tenants. This removal is targeted for completion at the end of February 2020. Tenants not migrated to Conditional Access or Security Defaults prior to February 29, 2020 will be unprotected.

    If you need MFA for admins and not for standard users, you would need to use Conditional Access that requires Azure AD Premium P1 or P2.

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.