Comments on: Managing the Entra ID Registration Campaign for Stronger Authentication

By: Tony Redmond

Tony Redmond — Mon, 25 Sep 2023 10:38:45 +0000

In reply to Christian. You can disable the option. If you enable it again, the campaign will restart. See the Microsoft documentation linked to in the article.

By: Christian

Christian — Mon, 25 Sep 2023 07:18:41 +0000

Can you please clarify, if there is a way to force the registration campaign or it is something managed by Microsoft only and we can enable or disable this option.
And when you disable it and then after a while you re-enable it what happens? the registration campaign has a duration?
thank you

By: Tony Redmond

Tony Redmond — Mon, 18 Sep 2023 21:30:08 +0000

In reply to Ian M. Caldwell. Can they use Authenticator Lite in Outlook mobile? If the accounts are really unable to use phone-based authentication, can they use FIDO keys or Windows Hello with their workstations? They'll still need to be excluded from the registration campaign (which is designed to drive increased use of the authenticator app), but they would have a stronger authentication method to use.

By: Ian M. Caldwell

Ian M. Caldwell — Mon, 18 Sep 2023 13:58:52 +0000

Thanks Tony! We have at least a few users who did not appreciate the change so I have added them to the excluded list. Any thoughts on users that cannot or will not use a private phone for the MFA app? Providing work phones just to support MFA is expensive… or cheap Android phones that get lost or hacked does not seem to be a security improvement. Is it the Microsoft Authenticator app or bust?