This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 69%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
If I block access to resource "Microsoft Admin Portals" app from other users than admin users, do I also block normal user or guest user access to Windows Azure Active Directory, so that normal users or guest user can register their 2FA to satisfy requirement for all users to have 2FA to access any resource?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 61%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
@IMK Thanks for posting in our Q&A. For this issue, it seems more related to Microsoft Entra ID. To get more information, I will add "Microsoft Entra ID" tag. Thanks for your understanding.
Hi IMK,
I don't see that it would be an issue, but it should be an easy thing to test.
Another approach would be to use PIM and restrict all admin roles until they enable such rules in the PIM menu.
Best regards.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Hello @IMK,
Thank you for posting your query on Microsoft Q&A.
Blocking access to the "Microsoft Admin Portals" app for non-admin users will not prevent normal or guest users from accessing Microsoft Entra ID for purposes like 2FA registration. Regular users and guests can still access Entra ID to register for two-factor authentication (2FA), satisfying the requirement for all users to have 2FA to access any resource.
The "Microsoft Admin Portals" app is specifically for administrative access to manage Microsoft Entra and other services. Restricting access to this app for non-admin users will only block their access to the admin portals; it won’t affect their access to other services or resources they’re authorized to use.
You can safely block non-admin users from accessing the "Microsoft Admin Portals" app without impacting their access to Microsoft Entra for 2FA registration.
The Microsoft Admin Portals suite includes:
For more details, refer to the documentation on: Conditional Access and Microsoft Admin Portals.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Thanks,
Raja Pothuraju.
Hello @IMK,
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Hello @IMK,
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.