MFA enrollment and Conditional Access

berketjune2012 371 Reputation points

Hello I have two questions regarding enrolling in MFA on Azure/Office 365:

1) If there is a conditional access policy to not enforce MFA from a trusted location, would this apply to initial registration as well? In other words If I enable and enforce MFA for a user for the first time, will he or she be prompted to enroll if they are coming in from a trusted location which would normal bypass MFA because of Conditional Access.

2) Can a user self enroll in MFA if MFA has not be enabled/enforced in the backend portal in Azure?


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,181 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Carlos Solís Salazar 17,521 Reputation points MVP

    Hi @berketjune2012

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    1. Yes, you can create Conditional access, the users must have a license of Azure AD P1 or P2.
    2. To allow self-enrollment the user must have the MFA enabled

    Hope this helps,
    Carlos Solís Salazar


    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.