User Opt-In to Azure MFA with Office 365
We have enabled MFA at our Office 365 tenant, but requires Admins to enable users. For organizations that would like to phase MFA in for their users, it would be nice for users to self opt-in sort of like they do with personal email accounts. Then over time, administrators can "require" MFA by a certain date for users holding out. One way to handle this is to include a link for the end user under user settings to "Sign up for Multi-Factor Authentication". Right now, nothing appears under a users security settings until they are enabled by an administrator. Thx!
Rick Barnes commented
Amazing that this idea was proposed almost 4 years ago and not implemented. We get too much push back to force it on for everyone, but it would be great to allow people to choose to be more secure without requiring an Admin to manually intervene.
Much needed functionality! This allows a true soft-launch as well as allowing users in some groups (such as students) to opt in where enforcement is not possible.
Fabbris Christian commented
What a surprise, discovering users registered on aka.ms/mfasetup are not MFA Enable. They have to call Service Desk asking to be enabled. What are you waiting for ?
It should be enough to allow this option on specific groups, in ordser to allow to the member complete, when they want, the MFA authentication through the site MFASETUP.
Is there a way to use conditional access policy ? I mean all the users completing the registration on aka.ms/mfasetup will be able to self-enable at the next login, without calling Service Desk.
Jeff Johnson (IT) commented
We are going department by department where we feel it is needed, but yes allowing self enroll for other areas would be great!
This is essential and has been lacking in the mfa area.
Please get this feature on the roadmap ASAP
Adam Mackres commented
Yes please, about time Microsoft get this sorted.
Ivan Hemrich commented
Please MS, do it :)
John Hayward commented
It would be cool if a user can be “nudged” to use it in configureable intervals.
Such as every 90 days.
User should be always have the option to do “more security” if he is willing.
David Hart commented
This can be easily implemented by having a conditional access policy that enforces MFA, tied to an Azure AD Security Group.
Turn on AAD Self Service Group Management for that group, and allow users to request to join it.
Eric Zack commented
This would be a fantastic feature to have in a edu environment. Allowing students to opt in without forcing them would greatly help us.
Managing nearly 1000 seats, this would be a god send!
This a must-have feature for MFA. All major MFA/identity providers have this feature, not sure why MS has skipped this. Without this feature, an enterprise scale implementation is too challenging and disruptive for the business.
This would be an awesome feature to have. Google currently have this for gapps, but in an organsation that has 10,00+ users, this would be easy to manage. Up this!!
This is something offered by other services such as google, it would be great if Microsoft incorporated this feature.
This would be great!
William Rizk commented
I currently work for an organisation that houses 200,000 users and would love if this feature was available!
Microsoft can ad this feature as part of the conditional access conditions; Allow users to Opt-In: Yes, No.
[Deleted User] commented
I agree! my company is in the process of rolling out Azure AD MFA and we are trying to solve this issue. Surprised that Microsoft has not built this into the product.
This is actually a really big want and I'm surprised more admins haven't commented. Enrolling in MFA for many end users is a complicated and confusing process and many end users would prefer to enroll at opportune times when IT assistance is within reach or when they have sufficient time that enrolling might not interrupt important deadlines.
We are currently discussing setting up some sort of system of our own to try and let end users decide when to enroll, but it will result in many more IT man hours for us, whereas a simple opt-in choice in O365 would greatly simplify that.