MSPMagic > Knowledge > Policy Docs > Conditional Access > CA-ID01: Securing security info registration
CA-ID01: Securing security info registration
Introduction
Secure when and how users register for Azure AD multi-factor authentication and self-service password
Targets
This policy will target all accounts in the tenant, excluding guest users and global administrators
User Impact
HIGH
All users will only be able to configure MFA from the Trusted Locations configured in their Tenants
* Prior to Enabling this policy you MUST create Trusted Locations or users who do not have MFA configured will be locked out of their accounts
Basics
Template Category: Identity Protection
Assignments
Users and Groups
| Includes | – All Users |
| Excluded Users | – All guest and external users |
| Excluded Directory Roles | – Global administrator |
Cloud Apps or actions
| User Actions | – Register security information |
Conditions
Locations
| Included | – Any Location |
| Excluded | – All Trusted Locations |
Access Controls
Session
| Grant | – Require multi-factor authentication |
Recent Posts
- MSPMagic’s Templates for Microsoft Endpoint Manager (Intune) Policies and Best Practice Settings
- Release Update – November 2022
- MSPMagic’s Pre-Made Policies for Microsoft Endpoint Manager (Intune)
- Release Update – October 2022
- COMP-DV05: Windows 10 and later Microsoft Defender for Endpoint Enabled and Clear of Risks