Hey everyone, Microsoft is retiring its legacy MFA at the end of the month, and while I thought I had everything ready to switch over, I've hit a snag. We have over 100 part-time employees who only access email on their phones or company tablets. They currently don't need MFA due to our Conditional Access policy, meaning they only log in with a password for now. However, I just heard from Microsoft that even users who are exempt from MFA will still need to be registered for it, or they'll be prompted when they log in. Given that many of these employees aren't very tech-savvy, I'm worried this could create a lot of chaos. Has anyone faced a similar situation? Is this really how it's going to be, and what can I do about it?
5 Answers
Honestly, it's 2025; if you haven’t equipped your less tech-savvy users with MFA yet, that’s a big oversight. The ones who are less tech-savvy are often the ones who need it the most! You might want to consider updating your employee handbook to say they might have to use personal devices for free MFA options, just to prepare them for this change.
From what I’ve found, the registration exceptions that you’re dealing with are linked to the Entra P2 license. It’s worked for one of our tenants, but the other ones still struggle with registration. It’s frustrating because while security is essential, it can really complicate things.
If they're just using email on their phones, you might want to look into scoping them for passkeys via Microsoft Authenticator, or setting up a QR code authentication method. That could make the transition smoother.
Wait, when you say Microsoft informed you, do you mean your Customer Success Manager reached out? You might want to clarify that. The registration campaign for MFA has specific guidelines. If your Conditional Access policy is set to exempt those users and the registration campaign is disabled, they shouldn't be prompted to register.
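To check the two conditions the answer above names before the cutover, here is an added example (not part of the original thread) using read-only calls from the Microsoft Graph PowerShell SDK. It reports the registration campaign state and lists which members of the exempt group have no MFA method registered. The group ID is a placeholder and assumes your Conditional Access exclusion is group-based.

```powershell
# Added example, read-only. Requires the Microsoft.Graph PowerShell SDK.
# Assumption: $ExemptGroupId is the object ID of the group that your
# Conditional Access policy excludes from MFA (placeholder, replace it).
$ExemptGroupId = '00000000-0000-0000-0000-000000000000'

Connect-MgGraph -Scopes 'Policy.Read.All', 'AuditLog.Read.All', 'GroupMember.Read.All'

# 1. Registration campaign: state and who it targets.
#    Values defined by Graph: default (Microsoft managed), enabled, disabled.
$policy   = Get-MgPolicyAuthenticationMethodPolicy
$campaign = $policy.RegistrationEnforcement.AuthenticationMethodsRegistrationCampaign
"Registration campaign state: $($campaign.State)"
$campaign.IncludeTargets | Format-Table Id, TargetType, TargetedAuthenticationMethod
$campaign.ExcludeTargets | Format-Table Id, TargetType

# 2. Direct members of the exempt group (nested groups are not expanded here).
$memberIds = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-MgGroupMember -GroupId $ExemptGroupId -All |
    ForEach-Object { [void]$memberIds.Add($_.Id) }

# 3. Registration report, filtered to exempt users with nothing registered.
$unregistered = Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $memberIds.Contains($_.Id) -and -not $_.IsMfaRegistered } |
    Select-Object UserPrincipalName, IsMfaRegistered, IsMfaCapable,
        @{ Name = 'MethodsRegistered'; Expression = { $_.MethodsRegistered -join ',' } }

"Exempt users with no MFA method registered: $(@($unregistered).Count) of $($memberIds.Count)"
$unregistered | Sort-Object UserPrincipalName | Format-Table -AutoSize
```

The resulting list is the set of accounts to pre-register or communicate with first.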
When you talk to management, you should emphasize that to continue using this platform, MFA implementation is necessary. Provide them with options and ask which path they want to take. Being upfront about Microsoft's direction might push them to make a decision!
