Best Way to Set Up Laptops for New Starters with 2FA Issues

0
17
Asked By CuriousSky44 On

I'm looking for some guidance on provisioning laptops for new employees. Traditionally, we would pre-sign them into their Microsoft Office accounts to ensure everything worked smoothly when they received their laptops. However, about a year ago, Microsoft changed things, and now every new user we create is forced into 2FA right from the first sign-in, despite their accounts showing that 2FA is disabled. Because of this, we had to stop the pre-sign-in process. After some recent digging, I discovered that I can disable the forced 2FA by going to Entra ID settings and turning off security defaults. I've never dealt with Entra before when managing our Office accounts through the standard admin portal. I'm concerned about what turning off security defaults might affect. Is there a better way to pre-sign into Office when setting up laptops for new starters?

5 Answers

Answered By ITWizard101 On

One effective approach is to allow MFA bypass when users are signing in from your office. You can complete most setups beforehand, and they only need to deal with MFA on external logins.

Answered By OfficeGuru77 On

If you can use TAP, that’s a solid solution. Also, you might want to look into conditional access policies. They can help manage MFA without disabling security defaults.

Answered By SystemNinja On

It’s really essential to manage things with TAP along with a registration campaign for new users. You can target a specific dynamic group to streamline the process.

Answered By TechSavvyNerd On

Have you considered using a Temporary Access Pass (TAP)? It allows you to set up laptops without needing to sign in with the user's credentials. It might save you from the hassle of the 2FA issue altogether.

Answered By AdminBoi98 On

Definitely avoid turning off MFA entirely. The TAP method is the right way to go if you need to bypass it temporarily. Just make sure they've registered a token after their first sign-in.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.