Block Azure MFA (cloud) Enrollment from External Networks
I feel like I have been to the end of Google and back and thought I'd just reach out to this feedback hub.
We would love the ability to block Azure MFA (cloud) enrollment from external networks with Azure Conditional Access Policies or another method.
It doesn't look like the "MFA Setup" page is a "Cloud App" to build conditions on...
My other thought is the ability to build out a dynamic group based on if a user has enrolled, but the Azure Dynamic group queries seem limited at this point.
need this yesterday.
I agree with "Luke commented · January 21, 2019 3:20 AM " - its a massive loophole.
This is a must for this to be a viable solution
We also require this functionality to avoid the scenarios listed already.
Agree with the above - we need a way of stopping an attacker who phishes credentials from registering MFA before the employee does.
agree, this is a function we have been looking. If a user does not enroll in MFA there is nothing to stop a compromised account from enrolling on their behalf.