AlexFilipin
commented
4 years ago If user is not registered yet it will prevent an attacker from registering MFA information - updated the policy to include MFA as grant control.
Closed AlexFilipin closed 4 years ago
AlexFilipin
commented
4 years ago If user is not registered yet it will prevent an attacker from registering MFA information - updated the policy to include MFA as grant control.
Should we add a the MFA control to the "201 - - Base protection - Register security information: Require trusted device or location For internal users" policy in addition to trusted device?
Needs testing likely it will make the policy useless Also consider shifting the policy to block with exclude for trusted device