MSPMagic > Knowledge > Policy Docs > Conditional Access > CA-ID01: Securing security info registration
CA-ID01: Securing security info registration
Introduction
Secure when and how users register for Azure AD multi-factor authentication and self-service password
Targets
This policy will target all accounts in the tenant, excluding guest users and global administrators
User Impact
HIGH
All users will only be able to configure MFA from the Trusted Locations configured in their Tenants
* Prior to Enabling this policy you MUST create Trusted Locations or users who do not have MFA configured will be locked out of their accounts
Basics
Template Category: Identity Protection
Assignments
Users and Groups
| Includes | – All Users |
| Excluded Users | – All guest and external users |
| Excluded Directory Roles | – Global administrator |
Cloud Apps or actions
| User Actions | – Register security information |
Conditions
Locations
| Included | – Any Location |
| Excluded | – All Trusted Locations |
Access Controls
Session
| Grant | – Require multi-factor authentication |