locked
Difference between Require MFA vs Require Azure MFA Registration in Azure Identity Protection RRS feed

  • Question

  • 

    Hello, there I would like to get a good understanding the difference between the two when configuring Azure Identity Protection.

    Thank you

    Monday, September 18, 2017 9:10 AM

Answers

  • The same control to require MFA, require MFA registration or require password reset is used in multiple places, but not all of the options are available in each place. The "Require MFA registration" control is only available when creating an MFA registration policy. The "Require MFA" control is only available when creating a sign-in risk policy, and the "Require password change" control is only available when creating a user risk policy. The only other control is that you can block access in the sign-in and user risk policies instead of granting access with these controls. All of the other controls are grayed out when not available based on the type of policy being created.
    Wednesday, September 20, 2017 7:45 PM

All replies

  • How are you getting to this screen?  I do not see it anywhere in my Azure AD account (but I do not have premium AD turned on)..

    Gary A. Bushey

    Monday, September 18, 2017 10:32 AM
  • Hi Gary,

    You'll see that when you are configuring AADIP (Identity Protection).

    Wednesday, September 20, 2017 5:15 AM
  • The same control to require MFA, require MFA registration or require password reset is used in multiple places, but not all of the options are available in each place. The "Require MFA registration" control is only available when creating an MFA registration policy. The "Require MFA" control is only available when creating a sign-in risk policy, and the "Require password change" control is only available when creating a user risk policy. The only other control is that you can block access in the sign-in and user risk policies instead of granting access with these controls. All of the other controls are grayed out when not available based on the type of policy being created.
    Wednesday, September 20, 2017 7:45 PM