You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md
+7-5Lines changed: 7 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -59,14 +59,16 @@ Combined registration supports the authentication methods and actions in the fol
59
59
| Hardware token | No | No | Yes |
60
60
| Phone | Yes | Yes | Yes |
61
61
| Alternate phone | Yes | Yes | Yes |
62
-
| Office phone | Yes | Yes | Yes |
62
+
| Office phone*| Yes | Yes | Yes |
63
63
| Email | Yes | Yes | Yes |
64
64
| Security questions | Yes | No | Yes |
65
-
| App passwords | Yes | No | Yes |
66
-
| FIDO2 security keys<br />*Managed mode only from the [Security info](https://mysignins.microsoft.com/security-info) page*| Yes | Yes | Yes |
65
+
| App passwords*| Yes | No | Yes |
66
+
| FIDO2 security keys*| Yes | Yes | Yes |
67
67
68
68
> [!NOTE]
69
-
> App passwords are available only to users who have been enforced for Azure AD Multi-Factor Authentication. App passwords are not available to users who are enabled for Azure AD Multi-Factor Authentication by a Conditional Access policy.
69
+
> <b>Office phone</b> can only be registered in *Interrupt mode* if the users *Business phone* property has been set. Office phone can be added by users in *Managed mode from the [Security info](https://mysignins.microsoft.com/security-info)* without this requirement. <br />
70
+
> <b>App passwords</b> are available only to users who have been enforced for Azure AD Multi-Factor Authentication. App passwords are not available to users who are enabled for Azure AD Multi-Factor Authentication by a Conditional Access policy. <br />
71
+
> <b>FIDO2 security keys</b>, can only be added in *Managed mode only from the [Security info](https://mysignins.microsoft.com/security-info) page*
70
72
71
73
Users can set one of the following options as the default multifactor authentication method.
72
74
@@ -140,7 +142,7 @@ A user who hasn't yet set up all required security info goes to [https://myaccou
140
142
141
143
### Set up other methods after partial registration
142
144
143
-
If a user has partially satisfied MFA or SSPR registration due to existing authentication method registrations performed by the user or admin, users will only be asked to register additional information allowed by the Authentication methods policy. If more than one other authentication method is available for the user to choose and register, an option on the registration experience titled **I want to set up another method** will be shown and allow the user to set up their desired authentication method.
145
+
If a user has partially satisfied MFA or SSPR registration due to existing authentication method registrations performed by the user or admin, users will only be asked to register additional information allowed by the Authentication methods policy settings when registration is required. If more than one other authentication method is available for the user to choose and register, an option on the registration experience titled **I want to set up another method** will be shown and allow the user to set up their desired authentication method.
144
146
145
147
:::image type="content" border="true" source="./media/concept-registration-mfa-sspr-combined/other-method.png" alt-text="Screenshot of how to set up another method." :::
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments