

The Trusted IPs range is useful for allowing users to skip MFA if they’re on your corporate network. (App passwords refers to apps unaware of MFA, for more info: ). The Service Settings pane gives us two important settings: Trusted IPs, and Verification Options. What happens if we set up a Conditional Access policy for a disabled user? Let’s come back to this idea after we’ve reviewed the other settings. In the following screenshot, note that every user account is Disabled, except one that is Enforced. There are some caveats (trusted IPs from the service settings won’t require MFA) but it’s worth noting that Microsoft recommends leveraging Conditional Access to require MFA instead. The main thing to note here are that enabling a user on this setting pane enacts a policy that forces users to use MFA every time they log in. (For more info on per-user MFA, check out: ). This is poorly named (in my opinion), because it is referring to which users are enabled for per-user MFA. Here, you can configure which users are enabled for MFA. So in this post, let’s cover the settings we can configure and how to ensure our users have an optimal experience.įirst, head over to the Azure portal, open Azure Active Directory, and then click Multi Factor Authentication: MFA option


In fact, it’s already enabled in your environment. What’s great about Azure MFA is that it’s particularly easy to set up.
