We're using a hybrid model with on-premises Active Directory synchronized to Azure Active Directory. Recently, we've implemented a Conditional Access policy that mandates Multi-Factor Authentication (MFA) for all services, which works well through a security group. However, I'm looking to optimize the onboarding experience for new employees. Currently, our method is rather hands-on; we conduct mass meetings every two weeks to help new hires set up their authenticator apps before they're added to the MFA security group. This doesn't seem efficient. I'm curious if there's a more streamlined approach out there, like setting up a registration campaign or creating a separate security group for MFA. What methods have others found effective for this process?
5 Answers
Honestly, relying on IT to walk people through MFA setup seems inefficient. If the policy's in place, it might be better for managers to assist their teams. If it takes a group session just to set up an app, that feels like wasting precious time. Why not empower managers to help get their teams onboarded quickly?
Exactly! It should be seamless, and managers can be key in helping their teams get started.
One solution is to get HR to make sure MFA setup is part of the onboarding process on day one. That could really streamline things and solve the setup issue from the start!
I agree! All accounts should have MFA applied right from creation. When they log in initially, they'll get a prompt saying, "we need more information" and it’ll guide them through setting it up. If they struggle with that, their managers should step in. It’s a sign that they might need guidance in other areas too.
From what I've seen, applying MFA through a security group can lead to some users missing out if they don’t get included right away. Instead, it’s best to have MFA enforced for all accounts upon creation. This way, when new users log in for the first time, they will be prompted to set up MFA right off the bat. It helps avoid any confusion later on.
Starting new employees with MFA on day one actually saves more hassle. It’s easier for them to set it up from the get-go instead of postponing it for days. Plus, how are new hires getting their initial passwords? That needs to be clear from the start too!
I see your point, but the business wants to give new hires a little time to settle in before diving into MFA.
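The coverage gap raised in the answer about group-scoped MFA can be measured rather than guessed at. The following is an added example, not part of the original thread: it classifies accounts from an exported user list by whether they are in the MFA security group and how long they have existed. The record fields, the group ID set, the 14-day grace period and all sample data are constructed assumptions, not values from the thread or from any Microsoft API.

```python
from datetime import datetime, timedelta

# Assumption: grace period mirrors the two-week onboarding cycle in the question.
GRACE = timedelta(days=14)

def audit_mfa_coverage(users, mfa_group_ids, now, grace=GRACE):
    """Classify enabled accounts by MFA group membership and registration state."""
    report = {"unprotected_overdue": [], "unprotected_in_grace": [],
              "enforced_unregistered": []}
    for u in users:
        if not u["enabled"]:
            continue  # disabled accounts cannot sign in, so skip them
        age = now - datetime.fromisoformat(u["created"])
        if u["id"] not in mfa_group_ids:
            # Outside the group the Conditional Access policy does not apply,
            # even if the user already registered an authenticator.
            key = "unprotected_overdue" if age > grace else "unprotected_in_grace"
            report[key].append((u["upn"], age.days))
        elif not u["mfa_registered"]:
            # Policy applies but no method exists: the user will be sent
            # through registration at the next sign-in.
            report["enforced_unregistered"].append(u["upn"])
    return report

# Constructed sample data (hypothetical export format).
NOW = datetime.fromisoformat("2024-03-01T09:00:00+00:00")
MFA_GROUP = {"u1", "u4"}
USERS = [
    {"id": "u1", "upn": "alice@example.com", "enabled": True,
     "created": "2024-01-02T09:00:00+00:00", "mfa_registered": True},
    {"id": "u2", "upn": "bob@example.com", "enabled": True,
     "created": "2024-02-01T09:00:00+00:00", "mfa_registered": True},
    {"id": "u3", "upn": "carol@example.com", "enabled": True,
     "created": "2024-02-26T09:00:00+00:00", "mfa_registered": False},
    {"id": "u4", "upn": "dave@example.com", "enabled": True,
     "created": "2024-01-15T09:00:00+00:00", "mfa_registered": False},
    {"id": "u5", "upn": "erin@example.com", "enabled": False,
     "created": "2024-01-10T09:00:00+00:00", "mfa_registered": False},
]

if __name__ == "__main__":
    for category, entries in audit_mfa_coverage(USERS, MFA_GROUP, NOW).items():
        print(category, entries)
```

Accounts in `unprotected_overdue` are the ones that missed group inclusion; a non-empty list there is the signal that group-based scoping is leaking.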