![]() ![]() Then select Email for option 2 and complete that. Then complete the phone verification as it used to be done. For option 1, select Phone instead of Authenticator App from the dropdown. Indeed a non-MFA GA account is needed for hybrid operation as well as for any 3rd party services that need access to the 365 tenant.Īnyhow, the solution is to ignore the initial presentation of the setup. These force use of MFA for all accounts, despite Microsoft's own recommendation to have at least one GA account not using MFA in case of MFA issues. Just more nonsense from unskilled product managers and developers with little experience of the real world and zero common sense. Indeed it's designed to make you think you have to set it up. It still allows a user to setup MFA even when it's disabled on the account in Azure. The combined approach is highly confusing when not wanting MFA. If MFA was enabled, they'd be prompted to setup MFA. Prior to this change, if you had self-service password reset enabled, on first login users would be prompted to setup a recovery phone and email. They've basically combined MFA setup with account recovery setup. This is all down to a new and ill-conceived UI from Microsoft.
0 Comments
Leave a Reply. |