Hi @mbtest, are you trying to get rid of the shared token and just have per-user MFA? Please let me know if I misunderstood your question. If so, have you followed this document?
Stop sharing of MFA, enforce possession factor?
Hello,
I have a challenge where I have a set of administrative users who are sharing an MFA token. I believe they are doing this by sharing the enrollment seed (QR code) between multiple devices.
I was able to replicate this today by scanning the code with an app, and adding the token manually on two devices.
My goal is to stop sharing of MFA, and I think the best way to do this is to enforce the possession factor by enforcing push notification on the app.
This is fairly easy to do in Okta, but I can't figure out exactly how to do this in AzureAD. It appears that multi-factor doesn't allow explicit control over factoring methods (even via CAPs).
Am I correct?
Thanks,
Matt
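
An added illustration, not part of the original post or of any Microsoft or Okta code: why a copied enrollment seed defeats the possession factor. A TOTP code (RFC 6238) depends only on the seed and the clock, so a verifier cannot tell which device produced it. The enrollment URI is constructed and uses the RFC 6238 test key; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed enrollment URI; the secret is the RFC 6238 test key
# ("12345678901234567890" in base32), not a real credential.
ENROLLMENT_URI = ("otpauth://totp/Example:admin@example.com"
                  "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")


def seed_from_uri(uri):
    """Extract the base32 seed that the enrollment QR code encodes."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    return parse_qs(parsed.query)["secret"][0]


def totp(seed_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): a pure function of seed and time."""
    key = base64.b32decode(seed_b32.upper() + "=" * (-len(seed_b32) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed_b32, code, unix_time, step=30, drift=1):
    """Server-side check: the only inputs are seed, code and time, so
    nothing identifies which device produced the code."""
    return any(
        hmac.compare_digest(totp(seed_b32, unix_time + d * step, step), code)
        for d in range(-drift, drift + 1)
    )


def demo(now=59):
    seed = seed_from_uri(ENROLLMENT_URI)
    phone_a = totp(seed, now)  # first device that scanned the QR code
    phone_b = totp(seed, now)  # second device given the same seed
    return phone_a, phone_b, verify(seed, phone_a, now), verify(seed, phone_b, now)


if __name__ == "__main__":
    print(demo())
```

Both devices produce the same code and both pass verification, which is why restricting sharing requires a factor bound to a registered device rather than a seed-derived code.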
1 answer
James Hamil 26,881 Reputation points Microsoft Employee
2022-06-20T20:41:23.05+00:00