What is the difference between Enabling and Enforcing MFA

What is the difference between Enabling and Enforcing MFA

Enabled Azure Multi-Factor Authentication by changing user states

This is the traditional approach for requiring two-step verification. All users that you enable perform two-step verification every time they sign in. Enabling a user overrides any conditional access policies that might affect that user. The user has been enrolled in Azure MFA, but has not registered. They receive a prompt to register the next time they sign in.

Enforced Azure Multi-Factor Authentication 

The user has been enrolled and has completed the registration process for Azure MFA.

Enabling Azure Multi-Factor Authentication with a conditional access policy

This is a more flexible approach for requiring two-step verification. It only works for Azure MFA in the cloud, though, and conditional access is a paid feature of Azure Active Directory. You can create conditional access policies that apply to groups as well as individual users. High-risk groups can be given more restrictions than low-risk groups, or two-step verification can be required only for high-risk cloud apps and skipped for low-risk ones.

Both options prompt users to register for Azure Multi-Factor Authentication the first time they sign in after the requirements turn on.

 

How to get a report of users and their MFA status

  1. From the Cayosoft Administrator console, click new Rule
  2. Click Show All Templates
  3. Click Office 365 Multi-factor Authentication (MFA) Status, then click click Next
  4. Click Create and Save Report, then click Next
  5. Click Finish, then click Run Rule
  6. When prompted save the rule, then confirm the report was started
  7. When the green balloon at the to right turns from Green to Blue the report is ready
  8. In the Navigation Tree click the Reports node
  9. Double click the new report to open it

Note: Office 365 and Hybrid Office 365 Reporting is a free solution from  Cayosoft – go here for more details