How to granularly enable Multi-Factor Auth based on the system and not the user?

Hi,
we are using Azure AD to federate some cloud services. We want to deploy Azure MFA to some of them, but not all. In particular, we don't want MFA for o365.
How can I force MFA depending of the service ?
Regards,
John

Hi,
I think you may ask in:
https://social.msdn.microsoft.com/Forums/en-US/home?forum=windowsazureactiveauthentication&filter=alltypes&sort=lastpostdesc
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Similar Messages

  • Is multi-factor auth required for self-service password reset and portal registration?

    Hi, hoping someone can give some clarity on this.  I'm dealing with strictly online accounts, no AD sync to local servers.  I have enabled and configured self-service password reset in AzureAD.  In that config I have required users to register
    their alt contact info when logging into the portal.  While testing this, I don't get prompted to register unless I've enabled multi-factor auth for the test user account.  I need users to register in case they need to use SSPR, but I don't want
    to force them into MFA.  I've gone over the following article and it says nothing about requiring MFA for SSPR or forced portal registration to work.
    https://msdn.microsoft.com/en-us/library/azure/dn683881.aspx
    I know there is a separate link for the registration portal that will guide users through the process, but that's a separate link.  Maybe they'll set it up, maybe they won't.  I'd like for the first sign-on to be a smooth process that gets them
    set up for SSPR if needed.  Can someone clarify and point me in the right direction? Thanks.

    Hey acook15,
    I work on the password reset engineering team.  Right now, you are correct, you cannot enforce registration for password reset during first sign in.  This is a feature that we are working on right now, which will be available very soon for sign
    ins to Azure, your connected apps, and the access panel, and will come a bit later for Office 365 sign ins, as well.
    In the interim, you can configure SSPR to require users to register when they access the access panel at myapps.microsoft.com by following the instructions here: http://aka.ms/customizesspr (search for "Require users to register when signing in to the
    access panel?").  
    You can also read more about other ways to get SSPR data in the system for your users here: http://aka.ms/ssprbestpractices.  Let me know if this helps, and if you need to get in contact with me, feel free to email me at [email protected] 
    Regards,
    Adam.
    Adam Steenwyk | Senior Program Manager | [email protected]

  • How to create a service entry sheet based from the PO

    how to create a service entry sheet based from the PO
    Gurus,
    I am creating a service entry sheet from the PO but I am getting an error of u201CPlease maintain services or limits Message no. SE029- Diagnosis(You cannot enter data until the PO item has been maintained correctly) u201C
    The document type of the PO is standard NB, account assignment category is Q- (Proj make to order) and the item category is D(service). Then I am trying also create a PR using account assignment category is Q- (Proj make to order) and the item category is D(service) but still cannot proceed, a message asking me to enter a service entry number. What I know the process is create a PO(maybe based from PR) then post the GR then create a service entry sheet in ML81N but I cannot proceed. Just creating a PR or PO using those mentioned account assignment and item category and getting an error of need to enter a service entry sheet number.
    Please help.thanks!

    HI,
    Process for Creating Service Entry Sheet
    Transaction Code :    ML81N
    1)To open the respective Purchase Order, Click on the u2018Other Purchase Orderu2019, then enter the Purchase Order No.
    2)Click on the u2018Create Entry Sheetu2019 icon(3rd Icon on Top-Left)
    3)Give Short Text (e.g. R/A Bill No. 1) and top service entry sheet number also generated.
    4)Click u2018Service Selectionu2019 Icon on the Bottom of the Screen.
    5)For the 1st Time, when we are making Service Entry Sheet for a respective Purchase Order, we need to u201CAdopt Full Quantityu201D by clicking the Check box next to it, then Enter.  (*For the next time, no adoption is required, just continue)
    6)Select the respective Services by clicking on the Left Hand Side, then Click u2018Servicesu2019 (Adopt services) icon on the Top.
    7)Give the completed Quantity, then Click u2018Acceptu2019 icon(a green flag on the top)
    8)Save .
    9)Service Entry Sheet is SAVED and account posting made.
    Hope, it is useful for you,
    Regards,
    K.Rajendran

  • I have my photos on an eternal USB connected drive. I am trying to import them to PSE. The "Copy on Import" button is greyed out. How can I enable it so I can disconnect the external drive?.

    The "Copy on Import" button is greyed out. How can I enable it so I can disconnect the external drive?.

    "Copy" is normally used when connecting a camera or card reader.
    Simply copy or move folders from your external drive to your computer hard drive, then from the Organizer menu click:
    File >> Get Photos & Videos >> From Files & Folders
    Then navigate to the new location on your internal hard drive.

  • How to find bpel instance in 11g based on the index values

    We have 10g BPEL process where we define 4 index values for all the instances. Whenever support request comes, we ask index values and based on that we search the process instance.
    We have migrated this 10g bpel process to 11g now. How to find bpel instance in 11g based on the index values ???

    I have multiple bpel in my composite. I checked in ci_indexes table and it shows the instance number of the bpel process. But the em console is showing only the composite instance number. when I opened composite instance, I could see all the bpel process with instance number in the audit trail. How can I find the the actual composite instance number that I should search for in the em console ???

  • How to hide iviews based on the user groups?

    Hi,
    I have a custom role with workset, page and iviews.
    The page has 5 iviews.
    User group1 can see 5 iviews in the page.
    Now user group2 wants see only 3 iviews in the page (same role).
    Without creating another role for user group2, How can I hide the iviews based on the user group?
    Is this possible?
    Thanks
    Sundar

    Hi Sundar,
    I guess to achieve this, you have to set the permissions at iView level.
    For this, go to System Admin -> Permissions -> Portal Permissions. Now navigate to your iView using the folder structure, do right-click on the iView and click on Open Permissions.
    Search for the particular group and add that and assign the privileges accordingly. You can remove Everyone group from the iView .
    Hope this will solve your problem.
    Regards,
    Saurabh Mathur

  • When I receive word documents via my yahoo on my mac, the format always come up as a TEXTEDIT doc.  This is causing me serious problems.  How do I enable my documents to open in the original format it was sent?

    when I receive word documents via my yahoo on my mac, the format always come up as a TEXTEDIT doc.  This is causing me serious problems.  How do I enable my documents to open in the original format it was sent?

    Do you have Microsoft Word installed on your Mac? If so, you can reassign all .doc files to Word by selecting the file in Finder and choosing "File > Get Info" from the menu. In the window that opens look for "Open with" and change the entry to "Microsoft Word".

  • How to check Role based on the User ID

    Hi All,
      Based on the User ID how to check the role of the particular person[ex Employee / Manager etc].In HR module in which table the details are present.
    Thanks.
    Regards
    Tina

    Hi Tina,
    Use FM: <b>HR_GETEMPLOYEEDATA_FROMUSER</b>
    This will give you all info related to User ID.
    In parameter EMPLOYEESUBGROUP , you will get position of this employee.
    Hope this helps.
    Regds,
    Akshay Bhawgat
    Note: Some points would be nice if it helps.
    Message was edited by: Akshay Bhagwat

  • HT1212 how can I enable my old iPhone 3 without the passcode

    how can I enable my old iphone 3 without the passcode

    Follow the directions here to force the phone into recovery mode & restore it:
    http://support.apple.com/kb/HT1808

  • Report based on the user profile

    Hi,
    i'm trying to create a report with Oracle Report6i based on the user profile.
    I created a form with many Lovs, so that i can choose the parameter to send to the report (using a java script).
    I also would like to send the user that's currently logged in, just in order to filter the output.
    How can i use the api wwctx_api.get_user in the java script ?
    Thanks.

    Hi,
    It is not possible to use the api directly in javascript. Maybe you pass it as a parameter to a javascript function.
    Thanks,
    Sharmila

  • Purchasing Group authorization based on the user

    Hi All,
    Can anyone suggest me ideas on how to restrict in accessing details of a PO for a  purchasing group based on the user who tries to access it .
    the object is M-BEST_EKG.
    need guidance in using AUTHORITY_CHECK in restriciting PO group based on the userid.
    Thanks in advance.
    Regards,
    Ry

    Hi,
    ACTIVITY controls what user can do to the PO.
    01-Create
    02-Change
    03-Display
    EKGRP controls the purchasing group
    To restrict to a specific purchasing group, modify the authorization object in the role which user has to allow the specfic P.Grp. only
    Cheers !

  • Restrict Org details based on the User in Business partner creation..

    Hi Gurus,.
    I have to assign Sales Org , DIV, Distribution Channel to the Business Partner in Sales Area data.  When I try system shows entire Org structure. But I want the Org structure should be displayed based on the user log on. Assume that, I am assigned to Shangai and creating Business partner for Shangai, the system should not show Beijing or other Org Unit since I belong to Shangai.  How to address this scenario thro standard customization?
    Is it common problem in CRM Webui(6.0 and 7.0).
    My Org Structure:
    Global
      China
         Shangai
         Beijing
       Nanjing.
    Thanks in Advance....

    Hi Denis,
       Thanks for your reply. I believe Org determination rule is applicable for Transaction types not for Account Creation. I want to get Sales area data based on login user. It shows complete Sales Area(Sales Org IDDistribution ChannelDivision) when I create an Account.. Assume that you are an employee and assigned to Newyork, when you create New Customer in Newyork, system should not show Boston, Washington Sales areas...Please throw some light on this...
    Thanks in Advance.,

  • Different masterhead image based on the user logged in portal

    HI,
    Presently we are using standard portal theme.How can I change the image in the masterhead based on the user logged in.How can i change that and i want to assign that masteredhead to users.
    Can anybody give me suggesion about this.
    Thanks,
    Regards,
    Srinivas

    Dear Srinivas,
    Simple of achiving this kind of scnario is create separate themes for different users and assign the themes to the users in master rule collection through Desktop Page.Here in this case you will be creating one framework page and multiple Desktops and themes.All the desktops will be having the same framework page and different themes based on the user type or group type.
    Otherway of achiving this is create an pdk application where it will have multiple jsp components in it and based on the each component create one PAR iview.Let us take if four groups of users then you will be creating four different jsps in pdk application which will inturn contains different masterhead images and related logos.After creating the iview place the iview in the correcsponding framework page below the masterhead iview.Here multiple framework pages and Desktops and you can go with single theme.
    In the first scenario the masteread , we are managing through the theme and in second the masterhead we are managing throgh application.
    Either of the scenarios can be used to create differet masterheads for different users.
    Hope the answer helps you....
    Reward the points if it is helpful.
    Thanks,
    Rudradev Devulapalli

  • Different masterhead image based on the user logged in

    HI,
    Presently we are using standard portal theme.How can I change the image in the masterhead based on the user logged in.How can i change that and i want to assign that masteredhead to users.
    Can anybody give me suggesion about this.
    Thanks,
    Regards,
    Srinivas

    Dear Srinivas,
            Simple of achiving this kind of scnario is create separate themes for different users and assign the themes to the users in master rule collection through Desktop Page.Here in this case you will be creating one framework page and multiple Desktops and themes.All the desktops will be having the same framework page and different themes based on the user type or group type.
            Otherway of achiving this is create an pdk application where it will have multiple jsp components in it and based on the each component create one PAR iview.Let us take if four groups of users then you will be creating four different jsps in pdk application which will inturn contains different masterhead images and related logos.After creating the iview place the iview in the correcsponding framework page below the masterhead iview.Here multiple framework pages and Desktops and you can go with single theme.
             In the first scenario the masteread , we are managing through the theme and in second the masterhead we are managing throgh application.
             Either of the scenarios can be used to create differet masterheads for different users.
    Hope the answer helps you....
    Reward the points if it is helpful.
    Thanks,
    Rudradev Devulapalli

  • Pdfwatermark based on the user who login

    Hi,
    I wanted to know whether we can apply pdfwatermarking to documents based on the users who logs in?how?
    Thanks in advance

    I just got your point: you want to determine the rule, not the text in the PDF Watermark itself.
    I'm afraid, this is not possible - at least, OOTB. The rules really have criteria based on metadata of the document only - see http://docs.oracle.com/cd/E23943_01/doc.1111/e10978/e01_user_if.htm#CACCAGAB
    I can think of two ways how this could be resolved:
    - text in the template would be so dynamic, that it'd opt to blank if necessary (this requires that PDF templates may accept idocScript, which I do not know if true)
    - at the caller side or somehow in the processing of the called service (so that Watermarking is by-passed)
    It'd help if you describe your business scenario.
    P.S. I've just seen you described your scenario. So, it eliminates the option b) - just check if you can use idocscript in the templates, then.
    Edited by: jiri.machotka on Apr 2, 2013 3:21 PM
    Edited by: jiri.machotka on Apr 2, 2013 3:33 PM

Maybe you are looking for