Set MFA enabled as default for new users
Hi
Is there a way to default enable MFA when creating a new user?
Best regards
Niklas
-
To enable MFA when creating a new user, you should do the following:
1. Create a new Office 365 Users | Enforce Multi-Factor Authentication (MFA) rule
2. Open Query Filters section
3. In DisplayName/Email starts with set this value: {$tmpV=(GetSessionParameter 'Office365CreatedUser');if([string]::IsNullOrWhiteSpace($tmpV)){"TMP3A76F199A1C04BD6824C3C8A58F1852C"}else{"$tmpV"}}.InvokeReturnAsIs()
4. Click Save Changes
5. Navigate to HOME > CONFIGURATION > Web Interface > Web Actions > Active Directory > New User
6. Enable Design mode https://support.cayosoft.com/hc/en-us/articles/360010342572
7. Add Office 365 Users | Enforce Multi-Factor Authentication (MFA) rule to Rules to run after this rule section in New User action https://cayosoft.zendesk.com/hc/en-us/articles/360018539692 after New User | Create Office 365 User rule
8. Select the Office 365 Users | Enforce Multi-Factor Authentication (MFA) rule in the Specify rules to run list, click Edit.., expand the Behavior section and set the Execute If condition setting to the following condition: ($MailBoxType -eq 2 -or $MailBoxType -eq 3) -and ((GetSessionParameter "CreatedObjectGUID") -ne $null)
9. Click Save changes
-
Hi Niklas!
So, you configure the rules as described above, create a new AD user in Web Portal, then you find the matching account in MS Office 365 > Active Users query, open MFA settings, and MFA should be enabled.
If it doesn't work in your environment, please enable logging, create the user and send us the log to cayosoft@support.com
Tatiana
-
Hi, Tatiana!
It seems like the rule (described above) sometimes runs on all users even though it is triggered by the "New user" action. It should only run on the account that it is creating. We discovered this when the AD Sync stopped as the service account got MFA enabled. Not so good.
Can we in some way ensure that this won't happen again?
Best regards
Niklas