Share via

Avoid switching to Enforced after enrolling

Miguel Angel 21 Reputation points
2020-01-08T22:08:05.037+00:00

Hello

We are starting to use MFA in our company, but we do not want to use Enforced method, only the Enabled. I understand that after the registration users switch to Enforced, but how can i avoid that? Even if i register the phone for them before their first time login it will do the registration and it switch to enforced.

Please provide a little guidance.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,990 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Manoj Reddy 406 Reputation points Microsoft Employee
    2020-01-09T06:31:17.01+00:00

    Hi,

    I am afraid it's not feasible to get MFA to work in just enabled mode. However, We recommend using Conditional Access policies to trigger MFA.

    With CA policies, you can control in which scenario, the user should be prompted for MFA and users will be prompted accordingly. I would recommend going through this doc to understand more about CA policy and how to create them.

    0 comments
  2. Miguel Angel 21 Reputation points
    2020-01-09T18:36:02.853+00:00

    I guess then i did the incorrect question, is the Enforced Method the one that is forcing the apps to have a custom password? Because that is what we do not want to use in particular, we want to keep using the Domain password of the user account

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.