MFA enrollment and Conditional Access

berketjune2012 371 Reputation points
2022-04-06T17:55:50.063+00:00

Hello I have two questions regarding enrolling in MFA on Azure/Office 365:

1) If there is a conditional access policy to not enforce MFA from a trusted location, would this apply to initial registration as well? In other words If I enable and enforce MFA for a user for the first time, will he or she be prompted to enroll if they are coming in from a trusted location which would normal bypass MFA because of Conditional Access.

2) Can a user self enroll in MFA if MFA has not be enabled/enforced in the backend portal in Azure?

Thanks

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,181 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Carlos Solís Salazar 17,521 Reputation points MVP
    2022-04-07T00:50:32.267+00:00

    Hi @berketjune2012

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    1. Yes, you can create Conditional access, the users must have a license of Azure AD P1 or P2.
    2. To allow self-enrollment the user must have the MFA enabled

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.