MFA Registration Campaign Modification

This guide will show an administrator how to modify the existing MFA registration policy in the case of misconfiguration by an administrator.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

Entra ID Security MFA Registration Campaign Modification

1. Navigate to the Registration campaign – Azure Active Directory portal, locate and select the Edit action.
   
2. The listed security controls should be available for modification once the action above has been selected, once the desired modifications have been made, select Save to update the registration campaign policy.
   1. The State contol can be modified to either Enabled which will generate a registration campaign for all users, Disabled which will not prompt a registration campaign for any users, or Microsoft Managed (default) which will enable resgitration campaign only for voice call or text message users.
   2. The Days allowed to snooze control can be modified to reflect the number of days a user is allowed to access resources without registering the desired authentication methods before they are re-prompted with another registration campaign.
   3. The Limited number of snoozes control can be modified to either Enabled which will allow users to skip the registration prompts 3 times before they are forced to register authentication methods, or Disabled which will allow a user an unlimited number to skip registration prompts which will allow them to avoid registering authentication methods.
   
3. The purpose of this procedure is not a recommendation to modify this security controls as a necessity, but rather this operation being available in the case of a misconfiguration (intentional or not) of this critical security policy.

Need Assistance?