Introduction #
Secure when and how users register for Azure AD multi-factor authentication and self-service password
Targets #
This policy will target all accounts in the tenant, excluding guest users and global administrators
User Impact #
HIGH
All users will only be able to configure MFA from the Trusted Locations configured in their Tenants
* Prior to Enabling this policy you MUST create Trusted Locations or users who do not have MFA configured will be locked out of their accounts
Basics #
Template Category: Identity Protection
Assignments #
Users and Groups
Includes | – All Users |
Excluded Users | – All guest and external users |
Excluded Directory Roles | – Global administrator |
Cloud Apps or actions
User Actions | – Register security information |
Conditions #
Locations
Included | – Any Location |
Excluded | – All Trusted Locations |
Access Controls #
Session
Grant | – Require multi-factor authentication |