Educational ICT Virtualisation Specialist

Precedence Technologies Ltd
Technology House, 36a Union Lane
Cambridge, CB4 1QB, United Kingdom
T: +44 (0)1223 359900
E: sales@precedence.co.uk
Linton-MFA


Multi-factor authentication

Accounts which may encounter issues if MFA is enabled globally

Logins between 20th July and 19th August which were using protocols that can't support modern authentication (Exchange ActiveSync, IMAP, POP, SMTP):

  • admissions@lvc.org
  • adult.education@lvc.org
  • alison.rothwell@lvc.org
  • angela.wylie@lvc.org
  • anna.garner@lvc.org
  • attendance@lvc.org
  • cameron.fehr@lvc.org
  • carey.mayzes@lvc.org
  • george.jenkins@lvc.org
  • guy.barton@lvc.org
  • helena.marsh@lvc.org
  • helen.fenn@lvc.org
  • ian.simmons@lvc.org
  • jennifer.pullin@lvc.org
  • john.taylor@lvc.org
  • julie.mcgrath@lvc.org
  • katie.tooke@lvc.org
  • louise.keen@lvc.org
  • margaret.kiddy@lvc.org
  • nichola.addley@lvc.org
  • pauline.kenning@lvc.org
  • peter.smyth@lvc.org
  • principal@lvc.org
  • reception@lvc.org
  • rita.bloxam@lvc.org
  • shahla.matarazzo@lvc.org
  • tickets@lvc.org
  • tim.darby@lvc.org

Logins between 20th July and 19th August using old authentication (MAPI Over HTTP):

  • shahla.matarazzo@lvc.org

Accounts which may encounter issues if IMAP is disabled globally

Logins between 20th July and 19th August which wouldn't have worked if IMAP access itself was globally disabled (independently of any Conditional Access restrictions):

  • 16apostenyi@lvc.org
  • 16bsellick@lvc.org
  • 16dennin@lvc.org
  • 16ewaldauatkinson@lvc.org
  • 16jwebb@lvc.org
  • 16otemple@lvc.org
  • 17bphillips@lvc.org
  • 17cclayden@lvc.org
  • 17egrey@lvc.org
  • 17hholroyd@lvc.org
  • 17lwittich@lvc.org
  • 17mblackmore@lvc.org
  • 17mdraper@lvc.org
  • 18jsainsbury@lvc.org
  • 18pbickerton@lvc.org
  • 18twoodford@lvc.org
  • 19aclark@lvc.org
  • 19ecollins@lvc.org
  • 19ewang@lvc.org
  • 19hpreston@lvc.org
  • 19lager@lvc.org
  • admissions@lvc.org
  • adult.education@lvc.org
  • daniel.turner@lvc.org
  • margaret.kiddy@lvc.org
  • peter.smyth@lvc.org
  • tim.darby@lvc.org

Configured policies

The following policies are configured in the Azure settings portal under Security / Conditional Access.

C01 - Require MFA for all cloud apps for global administrators

  • State: On
  • Users
    • Include role: Global Administrators
    • Exclude users: aadc@LVC365.onmicrosoft.com, admin@LVC365.onmicrosoft.com
  • Cloud apps or actions: All cloud apps
  • Grant
    • Grant access
    • Require multi-factor authentication

C02 - Require MFA for all cloud apps for staff accounts

  • State: Report only
  • Users:
    • Include group: staff@lvc.org
    • Exclude groups: MFA-Staff-ActiveSync, MFA-Staff-Disabled, MFA-Staff-Legacy
    • Exclude role: Global Administrators
  • Cloud apps or actions: All cloud apps
  • Grant:
    • Grant access
    • Require multi-factor authentication

C03 - Require MFA for all cloud apps for staff accounts except when using ActiveSync

  • State: Report only
  • Users:
    • Include group: MFA-Staff-ActiveSync
    • Exclude groups: MFA-Staff-Disabled, MFA-Staff-Legacy
    • Exclude role: Global Administrators
  • Cloud apps or actions: All cloud apps
  • Conditions:
    • Client apps:
      • Browser: YES
      • Mobile apps and desktop clients: YES
      • Exchange ActiveSync clients: NO
      • Other clients: YES
  • Grant:
    • Grant access
    • Require multi-factor authentication

C04 - Require MFA for all cloud apps for staff accounts except when using any legacy authentication type

  • State: Report only
  • Users:
    • Include group: MFA-Staff-Legacy
    • Exclude groups: MFA-Staff-Disabled, MFA-Staff-ActiveSync
    • Exclude role: Global Administrators
  • Cloud apps or actions: All cloud apps
  • Conditions:
    • Client apps:
      • Browser: YES
      • Mobile apps and desktop clients: YES
      • Exchange ActiveSync clients: NO
      • Other clients: NO
  • Grant:
    • Grant access
    • Require multi-factor authentication

Security groups

Based on the policies above, the following security groups can opt staff out of being required to use MFA for a given context:

  • MFA-Staff-Disabled
    Membership means that no Conditional Access policies will apply. There is no requirement to use MFA.
  • MFA-Staff-ActiveSync
    Membership means that Conditional Access policies do not apply to ActiveSync connections. There is no requirement to use MFA for ActiveSync connections.
  • MFA-Staff-Legacy
    Membership means that Conditional Access policies do not apply to any connections using legacy (i.e. not Modern) authentication types. ActiveSync is a legacy authentication type, as are:
    • Authenticated SMTP
    • Autodiscover
    • Exchange Online PowerShell
    • Exchange Web Services
    • IMAP4
    • MAPI over HTTP
    • Offline Address Book
    • Outlook Anywhere (RPC over HTTP)
    • Outlook Service
    • POP3
    • Report Web Services

Note that, based on the exclusion rules used by the Conditional Access policies, it doesn't make sense for a user to be a member of more than one of these groups.
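How the groups and the exclusion rules interact can be checked with a small model. This is an added example, not part of the original page or of Precedence's tooling: it encodes C01 to C04 as listed above, treats every policy as if its state were On, leaves out C01's two excluded user accounts, and uses constructed client-app labels and sample memberships.

```python
# Added example: simplified model of policies C01-C04 as listed on this page.
# Not Azure's evaluation engine. Evaluates every policy as if its state were On
# and omits C01's two excluded user accounts.
STAFF, GA = "staff@lvc.org", "Global Administrators"
DIS, EAS, LEG = "MFA-Staff-Disabled", "MFA-Staff-ActiveSync", "MFA-Staff-Legacy"
OPT_OUT = {DIS, EAS, LEG}
# Labels for the four "Client apps" conditions (label strings are assumptions).
ALL_APPS = {"browser", "mobile_desktop", "activesync", "other"}

# (name, include groups, include roles, exclude groups, exclude roles, client apps)
POLICIES = [
    ("C01", set(), {GA}, set(), set(), ALL_APPS),
    ("C02", {STAFF}, set(), OPT_OUT, {GA}, ALL_APPS),
    ("C03", {EAS}, set(), {DIS, LEG}, {GA}, ALL_APPS - {"activesync"}),
    ("C04", {LEG}, set(), {DIS, EAS}, {GA}, ALL_APPS - {"activesync", "other"}),
]


def policies_requiring_mfa(groups, roles, client_app):
    """Names of the policies that would demand MFA for this sign-in."""
    groups, roles = set(groups), set(roles)
    hits = []
    for name, inc_g, inc_r, exc_g, exc_r, apps in POLICIES:
        included = bool(groups & inc_g or roles & inc_r)
        excluded = bool(groups & exc_g or roles & exc_r)  # exclusion wins
        if included and not excluded and client_app in apps:
            hits.append(name)
    return hits


def opt_out_conflicts(memberships):
    """Users holding more than one opt-out group, with the groups held."""
    found = {}
    for user, groups in memberships.items():
        held = sorted(set(groups) & OPT_OUT)
        if len(held) > 1:
            found[user] = held
    return found


# Constructed sample memberships (not accounts from the page).
SAMPLE = {
    "user.a@example.org": [STAFF],
    "user.b@example.org": [STAFF, EAS],
    "user.c@example.org": [STAFF, EAS, LEG],
}

if __name__ == "__main__":
    for user, groups in SAMPLE.items():
        for app in sorted(ALL_APPS):
            print(user, app, policies_requiring_mfa(groups, [], app))
    print(opt_out_conflicts(SAMPLE))
```

In this model a user in both MFA-Staff-ActiveSync and MFA-Staff-Legacy is excluded from C02, C03 and C04 at once, so no policy asks for MFA on any client type, which is the same outcome as MFA-Staff-Disabled.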

© Copyright Precedence Technologies 1999-2025
Page last modified on August 20, 2021, at 02:11 PM by mwillcock