What is the difference between Enabling and Enforcing MFA
Enabled Azure Multi-Factor Authentication by changing user states
This is the traditional approach for requiring two-step verification. All users that you enable perform two-step verification every time they sign in. Enabling a user overrides any conditional access policies that might affect that user. The user has been enrolled in Azure MFA, but has not registered. They receive a prompt to register the next time they sign in.
Enforced Azure Multi-Factor Authentication
The user has been enrolled and has completed the registration process for Azure MFA.
Enabling Azure Multi-Factor Authentication with a conditional access policy
This is a more flexible approach for requiring two-step verification. It only works for Azure MFA in the cloud, though, and conditional access is a paid feature of Azure Active Directory. You can create conditional access policies that apply to groups as well as individual users. High-risk groups can be given more restrictions than low-risk groups, or two-step verification can be required only for high-risk cloud apps and skipped for low-risk ones.
Both options prompt users to register for Azure Multi-Factor Authentication the first time they sign in after the requirements turn on.
How to get a report of users and their MFA status
- From the Cayosoft Administrator console, click new Rule
- Click Show All Templates
- Click Office 365 Multi-factor Authentication (MFA) Status, then click click Next
- Click Create and Save Report, then click Next
- Click Finish, then click Run Rule
- When prompted save the rule, then confirm the report was started
- When the green balloon at the to right turns from Green to Blue the report is ready
- In the Navigation Tree click the Reports node
- Double click the new report to open it
Learn more about security in hybrid environments, check out our webinar, “3 Keys to Secure Hybrid Microsoft Management.”