0 votes

I don't know if this is achievable but.... we want to see if we can automatically enrol users for Azure SSPR/MFA as soon as a mobile/cell number is added to their AD account. I can trigger workflow OK but the question is how to push out a change into AAD that adds the user to the SSPR/MFA policy?

Seems that MS have deliberately disabled this being based on AD group memberships and now is based on AAD policies - with the intention that this is managed directly through AAD.

So wondering if it's possible to do this from the AD side somehow?

Many thanks

by (310 points)

1 Answer

0 votes
by (270k points)
selected by
Best answer

Hello Bernie,

Currently, Microsoft recommends using conditional access to enforce MFA on a per-group basis. The following article should be helpful: https://docs.microsoft.com/en-us/azure/ ... ess-policy.

Related questions

0 votes
1 answer

Aiming to go passwordless, this is a must-have

asked Aug 30, 2023 by JM (20 points)
0 votes
1 answer

Our organisation is planning to use Adexes for user creation and modification including helpdesk password resets. However, we also have an AAD with federated authentication back to ... Adexes and am wondering if this could cause any issues? Many thanks, Bernie

asked Aug 11, 2019 by Bernie (310 points)
0 votes
1 answer

Hi When reading the REST API documentation it does not mention working directly against Azure AD and Exchange Online. Will this be added? Thanks /Peter Sonander

asked Jan 26, 2023 by Sonander (40 points)
0 votes
1 answer

Hello, The report named Inactive users allowed to log in shows the Active Directory sign-in (Last-Logon-Timestamp) and Azure AD sign-in (Last Logon) but only for Active Directory ... updated by an Azure logic App. But we'd love to have this natively in Adaxes.

asked Dec 13, 2022 by Gavin.Raymen (40 points)
0 votes
1 answer

If we want to obtain the Object ID for the corresponding 365 object of a user, we would use the logic: [Guid]$Context.TargetObject.Get("adm-O365ObjectId") -if ... definitively belongs to an on-premises Active Directory domain or a cloud Azure AD domain?

asked Dec 12, 2022 by Viajaz (210 points)
3,326 questions
3,026 answers
7,727 comments
544,678 users