When I choose CA to activate these security defaults, and I follow the tutorial, will the 14-day period be activated?
As far as I know, this is only enabled by enabling the baseline CA policy "end user protection", or by using Azure AD Identity protection.....
@BakkerJan Thanks for your feedback! We will investigate and update as appropriate.
Yes security defaults will trigger a 14 day grace period for registration after a user's first login and security defaults being enabled. After 14 days users will be required to register for MFA and will not be able to skip.
Conditional Access by itself without Azure Identity Protection does not allow for the 14 day grace period. Identity Protection includes the registration policy that allows registration on its own with no apps assigned to the policy. If a Conditional Access policy requires Multi-Factor Authentication then the user must be able to pass that MFA request.
Security defaults and Identity Protection just give Administrators a path to help users get registered before they need to use MFA.
@MicrosoftGuyJFlo Thanks for the explanation. I was aware of this, but the sentence _"Here are step-by-step guides on how you can use Conditional Access to configure equivalent policies"_ can cause some confusion. There should be a note that you need Identity Protection in order to get the 14 days grace period, right?
How about I add a link to the Identity Protection policy there with a "this requires Azure AD Premium P2 licensing" note? https://docs.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy
That’ll do 😁. Thanks John!
From: John Flores notifications@github.com
Sent: Tuesday, November 19, 2019 10:20:01 PM
To: MicrosoftDocs/azure-docs azure-docs@noreply.github.com
Cc: Jan Bakker janopurk@live.nl; State change state_change@noreply.github.com
Subject: Re: [MicrosoftDocs/azure-docs] 14-day period (Unified Multi-Factor Authentication registration) (#43034)