When you enable MFA, users need to register their MFA. You should be able to use the legacy per user MFA, you can turn on the security defaults (MFA for everyone), and/or you can use Conditional Access rules (you need Azure AD P2 licensing).
Will I lose some functionality or have some future issue if I enable using this method? What is meant in the Microsoft by legacy per-user auth? Normally legacy refers to something that is obsolete.Is using the legacy MFA tool the correct way to enable MFA for e-mail access? If so, will I be required to manually enable each new users?.Sorry for the long lead-in, but I wanted to provide the information I thought would be relevant. There is a step or step or function that I missed and need go back and do.The MS technician couldn't figure a better way and is just having me enable the authentication through the legacy method.Since it specifically had me turn off the legacy MFA and as far as I can tell never indicated that I should turn it back on using this tool. Opens a new windowis flawed and I need to report it. The technician is correct, and the documentation at.This makes no sense to me, and I figure there are just a few possibilities:
It has been over a week and the MS technician just got back to me after the ticket was escalated and told me to go in and turn on the per-user legacy authentication in the Exchange admin center. The e-mail login is not providing an MFA challenge after the initial device setup when I toggled Security defaults. MFA authentication is only active for Azure items such as accessing account information and making account changes.We ended up having to delete the entire HKCU/Software/Microsoft/Office/16.0/Outlook key from the registry to fix this. All of our Windows 10 users upon restart of their computers were prompted for a password on the standard Outlook username and password dialog and refused to accept the correct password.This failed miserably for us in two parts: A recap of the steps as I understand them: 1) Turn off Legacy per-user MFA, 2) From Azure Admin Center turn on Security Defaults 3) In 365 admin center turn on modern auth under Org settings, 4) have users register devices and continue happily being fully protected.Having heard that MFA was moved to the Azure admin console, I looked for MS current doc on this and found this:.In the past, I used the per-user MFA inside of the Exchange admin console for just administrators. I was setting up MFA for a clients entire tenant.Answers as I'm getting conflicting information from official MS documentation and a MSO support technician.
0 kommentar(er)
