How can we improve Azure Active Directory?

User Opt-In to Azure MFA with Office 365

We have enabled MFA at our Office 365 tenant, but requires Admins to enable users. For organizations that would like to phase MFA in for their users, it would be nice for users to self opt-in sort of like they do with personal email accounts. Then over time, administrators can "require" MFA by a certain date for users holding out. One way to handle this is to include a link for the end user under user settings to "Sign up for Multi-Factor Authentication". Right now, nothing appears under a users security settings until they are enabled by an administrator. Thx!

48 votes
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)

We’ll send you updates on this idea

Lance Hundt shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

11 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Anonymous commented  ·   ·  Flag as inappropriate

    It would be cool if a user can be “nudged” to use it in configureable intervals.
    Such as every 90 days.
    User should be always have the option to do “more security” if he is willing.

  • David Hart commented  ·   ·  Flag as inappropriate

    This can be easily implemented by having a conditional access policy that enforces MFA, tied to an Azure AD Security Group.

    Turn on AAD Self Service Group Management for that group, and allow users to request to join it.

  • Eric Zack commented  ·   ·  Flag as inappropriate

    This would be a fantastic feature to have in a edu environment. Allowing students to opt in without forcing them would greatly help us.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This a must-have feature for MFA. All major MFA/identity providers have this feature, not sure why MS has skipped this. Without this feature, an enterprise scale implementation is too challenging and disruptive for the business.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This would be an awesome feature to have. Google currently have this for gapps, but in an organsation that has 10,00+ users, this would be easy to manage. Up this!!

  • Anonymous commented  ·   ·  Flag as inappropriate

    This is something offered by other services such as google, it would be great if Microsoft incorporated this feature.

  • William Rizk commented  ·   ·  Flag as inappropriate

    I currently work for an organisation that houses 200,000 users and would love if this feature was available!

    Microsoft can ad this feature as part of the conditional access conditions; Allow users to Opt-In: Yes, No.

  • [Deleted User] commented  ·   ·  Flag as inappropriate

    I agree! my company is in the process of rolling out Azure AD MFA and we are trying to solve this issue. Surprised that Microsoft has not built this into the product.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This is actually a really big want and I'm surprised more admins haven't commented. Enrolling in MFA for many end users is a complicated and confusing process and many end users would prefer to enroll at opportune times when IT assistance is within reach or when they have sufficient time that enrolling might not interrupt important deadlines.

    We are currently discussing setting up some sort of system of our own to try and let end users decide when to enroll, but it will result in many more IT man hours for us, whereas a simple opt-in choice in O365 would greatly simplify that.

Feedback and Knowledge Base