users want to set up the MFA Setup Wizard later
In the MFA release plan of a large company, thousands users are impossible to actually "force" from the day.
So, the user needs a period which setting for the MFA can be skipped, before force setting period.
In the period, it provide a selection such as "set up later" in the MFA setting wizard at the initial sign-in.
if someone did not have a mobile device on that day,
if someone wants to ask questions about MFA, etc...
they can not access any Office 365.
becouse, even if you set a policy to skip MFA on the LAN, the MFA Setup Wizard will be forced.
As a result, Organization is subjected to a large negative impact!
UK Hoverboards commented
HOVERBOARD open Online with 1 year guarantee from HOVERBOARDS UK. We are selling guaranteed HOVERBOARD that are totally protected to ride.
We've developed a suite of premium Outlook features for people with ... Want to install a HTML email signature on your iPhone, iPad or Android Mobile,Setting up MFA for RADIUS is a requirement for this Hi, I'm trying to setup.
Dusty Snider commented
Yes Microsoft absolutely needs this option. I just got into a long discussion with an engineer in Washington that setting the user to "Enabled" and having them be forced to do setup MFA before they can login the next time is not feasible in a large rollout.
My planned "unsupported" workaround:
Send out email to all users with this link https://aka.ms/MFASetup asking them to register their device.
Wait a period of 2-4 weeks for any questions about MFA and to register.
Use powershell scripts in this link to see how many people have "pre-registered" - https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-manage-reports
Once above script confirms a decent "pre-registered" state, email everyone to remind them the change is coming and will be mandatory. Wait a few more days.
Change users from Disabled to Enabled in Azure MFA.
Users will simply be prompted on their "pre-registered" device for MFA without having to go through the initial setup like they would have if you "cold-turkey" enabled them. All people who ignored emails will be forced by IT has done the CYA about the rollout by communicated to everyone.
If above works I'll submit my resume to Microsoft since they are obviously in need of people who have actually rolled out technology to the masses before.