Visual Studio Subscription Tenant: "Enable multifactor authentication for your tenant by 15 October 2024"

Question

Microsoft sent me an email (Sunday, August 18, 2024 4:30 AM) titled "Action required: Enable multifactor authentication for your tenant by 15 October 2024" ("You’re receiving this email because you’re a global administrator for [redacted - my tenant's guid]") saying I need to set up MFA on my Azure tenant. They sent it from a “noreply” account.

My azure tenant is the one I get via my Visual Studio Subscription, it's not the main one for our company.

It would have been helpful if any of the multitude of links in that email actually linked to something which told you what to do. The best I could find was a secondary link on one of those pages to this page (https://learn.microsoft.com/en-gb/entra/identity/authentication/tutorial-enable-azure-mfa). The wording on that page is terrible (as an example, it says "Browse to Protection > Conditional Access," when the item is actually "Protect > Conditional Access"); but when I get there the "+ Create new policy" button is greyed out. This is a terrible UI design decision, because I just have the frustration of seeing that the button is there, and no way of knowing why it's disabled. A better design would have allowed me to click on the button and then explain to me why I can't do that. I can only guess that perhaps I am not a "Conditional Access Administrator". I even tried changing Azure Portal > Microsoft Entra ID > Manage > Properties | Access management for Azure resources => Yes; but that didn't allow me to do it either. Since I can't create a Conditional Access policy, it means I can't follow the steps to enable MFA.

After some digging, I followed a link from "Guided walkthough" on https://learn.microsoft.com/en-gb/entra/identity/authentication/howto-mfa-getstarted which took me to https://admin.microsoft.com/AdminPortal/home?Q=learndocs#/modernonboarding/mfasetupguide, which told me "Switch to an account that has permission. Your account ([redacted]) doesn’t have permission to view or manage this page in the Microsoft 365 admin center." So I couldn’t do that either.

I notice that "Security Defaults" is enabled on my tenant, which provides MFA, and I have per-user MFA set up so maybe I don't need to do anything. But I still get the notification icon pop-up when I log in, saying that I need to do it.

I logged a ticket with our helpdesk in September.

As the date in question arrived, I postponed the change.

The ticket was finally actioned today (5th November) but they have been unable to do it either, and have suggested that I request help on here.

Can you let me know whether I need to do anything, and if so, please help me to set up MFA.

Answer 1

Hi @ RichardReeves-8228   
Thank you for sharing your issue on Microsoft Q&A.   

I understand that you received an email from Microsoft asking you to enable multifactor authentication (MFA) for your tenant by 15 October 2024, and that you've encountered difficulties setting it up. You've also tried various steps to enable MFA. 

As you mentioned, you have already enabled security defaults and per-user MFA, which means MFA is configured in your tenant. Could you please check whether you registered for MFA or not? 

Regarding the conditional access policy, there are three reasons why the option to create a new policy is greyed out: 

1. Lack of permissions: To create a conditional access policy, you need at least the Conditional Access Administrator role. 
2. P1 or P2 license is required. 
3. Security Defaults: If security defaults are already enabled in your tenant, you won't be able to create a conditional access policy. To do so, you will need to disable the security Defaults first. 

Since security defaults are currently enabled in your tenant, if you already register with MFA. You don't need to set up anything again.    

Feel free to reach out if you need further assistance.       

Best Regards, 
Harshitha Eligeti.