You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/concept-system-preferred-multifactor-authentication.md
+16-3Lines changed: 16 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Learn how to use system-preferred multifactor authentication
4
4
ms.service: active-directory
5
5
ms.subservice: authentication
6
6
ms.topic: conceptual
7
-
ms.date: 03/31/2023
7
+
ms.date: 04/03/2023
8
8
ms.author: justinha
9
9
author: justinha
10
10
manager: amycolannino
@@ -27,7 +27,20 @@ After system-preferred MFA is enabled, the authentication system does all the wo
27
27
>[!NOTE]
28
28
>System-preferred MFA is a key security upgrade to traditional second factor notifications. We highly recommend enabling system-preferred MFA in the near term for improved sign-in security.
29
29
30
-
## Enable system-preferred MFA
30
+
## Enable system-preferred MFA in the Azure portal
31
+
32
+
By default, system-preferred MFA is Microsoft managed and disabled for all users.
33
+
34
+
1. In the Azure portal, click **Security** > **Authentication methods** > **Settings**.
35
+
1. For **System-preferred multifactor authentication**, choose whether to explicitly enable or disable the feature, and include or exclude any users. Excluded groups take precedence over include groups.
36
+
37
+
For example, the following screenshot shows how to make system-preferred MFA explicitly enabled for only the Engineering group.
38
+
39
+
:::image type="content" border="true" source="./media/concept-system-preferred-multifactor-authentication/enable.png" alt-text="Screenshot of how to enable Microsoft Authenticator settings for Push authentication mode.":::
40
+
41
+
1. After you finish making any changes, click **Save**.
42
+
43
+
## Enable system-preferred MFA using Graph APIs
31
44
32
45
To enable system-preferred MFA in advance, you need to choose a single target group for the schema configuration, as shown in the [Request](#request) example.
33
46
@@ -47,7 +60,7 @@ System-preferred MFA can be enabled only for a single group, which can be a dyna
47
60
48
61
| Property | Type | Description |
49
62
|----------|------|-------------|
50
-
|id| String | ID of the entity targeted. |
63
+
|ID| String | ID of the entity targeted. |
51
64
| targetType | featureTargetType | The kind of entity targeted, such as group, role, or administrative unit. The possible values are: 'group', 'administrativeUnit', 'role', 'unknownFutureValue'. |
52
65
53
66
Use the following API endpoint to enable **systemCredentialPreferences** and include or exclude groups:
0 commit comments