How to enable MFA when creating a new user

Summary: When you create new hybrid users, you might want to enable Multi-Factor Authentication (MFA) for them by default. This article explains how to configure this scenario.

Applies to: Cayosoft Administrator 5.1.0 or later

Overview

To enable MFA when creating a new hybrid user, you should do the following:

1. Create a new Office 365 Users | Enforce Multi-Factor Authentication (MFA) rule:

2. Open Query Filters section.

3. In the DisplayName/Email starts with set this value:

   Copy

   { $usrch = (GetSessionParameter "Office365CreatedUser"); if([string]::IsNullOrWhiteSpace($usrch)){ "nosuchuserinmyorg@myorg.onmicrosoft.com" }else{ $usrch } }.InvokeReturnAsIs()

4. Click Save Changes.

5. Navigate to Configuration > Web Portal > Web Actions > Active Directory > New User.

6. Enable Design Mode.

7. Add the Office 365 Users | Enforce Multi-Factor Authentication (MFA) rule to the Rules to run after this rule section in the New User action after the New User | Create Office 365 User rule. Learn more in: How to configure one rule to run after another rule or a web action

   

8. Click the Edit... button and in the opened dialog set Behavior > Execute if (condition) field to:

   Copy

   ($MailBoxType -eq 2 -or $MailBoxType -eq 3) -and ((GetSessionParameter "CreatedObjectGUID") -ne $null)

   

9. Close all dialogs and click Save Changes.