About MFA enrollment policies
Use the Multifactor Policies tab to create and enforce policies for your chosen MFA factors and the groups that are subject to them. Sign-on policies determine the types of authentication challenges these users receive.
An MFA policy can be based on various factors, such as location, group definitions, and authentication type. It can also specify actions to take, such as allowing access or prompting for a challenge.
- Add a policy by going to Factor Enrollment and clicking Add Multifactor Policy.
- Change the order of policies, except the Default Policy, by dragging the bar on the blue policy name to a new location.
- The Default Policy: The default policy applies when no other policy has been set. It also immediately reflects the factors that you chose under the Factor Type tab.
Configure an MFA enrollment policy
App condition for MFA enrollment policies