
Getting users to go to the aka.ms/mysecurityinfo page and set up the Authenticator app for MFA is not an easy task.

Azure AD's 'Nudge' feature allows you to run a Microsoft Authenticator registration campaign that interrupts a user signing in with SMS and nudges them to set up the Authenticator app.

If you set this up but are not seeing users being nudged/prompted with the 'Improve your sign-ins' message, it's most probably because you have a conditional access policy for the 'Register security information' page.

The nudge screen will not be displayed if a user's sign-in is in scope of a conditional access policy that blocks access to the "Register security information" page.

For example, suppose you have a conditional access policy that blocks users from accessing the 'Register security information' page over the internet and limits access to your company's corporate network (local area network).

When a user signs in over the internet and uses SMS, they will not be shown the nudge ('Improve your sign-ins') screen.

Let's say, for argument's sake, that Azure AD were to send them to the page where they can set up security info. If we allowed the user to set up new auth methods, it would bypass your conditional access policy defined above. Alternatively, it wouldn't be a pleasant experience if we redirected the user to the nudge screen and then showed them a CA policy error when they tried to set up a new auth method.

Instead, we simply avoid showing the nudge prompt if the current sign-in would be blocked by the 'Register security info' conditional access policy.
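
To find which policy is suppressing the nudge in your tenant, you can run a check like the one below over an export of your conditional access policies. This is an added example, not code from the original post or from Microsoft. It assumes the policies are in the JSON shape returned by Microsoft Graph (`/identity/conditionalAccess/policies`), uses constructed sample policies, and models only policy state, the "Register security information" user action, the block control and location conditions (user/group scoping and other conditions are ignored).

```python
import json

REGISTER_ACTION = "urn:user:registersecurityinfo"  # Graph value for the user action

# Constructed sample policies in Microsoft Graph shape (display names are made up).
SAMPLE_POLICIES = json.loads("""
[
  {"displayName": "Block security info registration outside corp network",
   "state": "enabled",
   "conditions": {
     "applications": {"includeUserActions": ["urn:user:registersecurityinfo"]},
     "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
  {"displayName": "Require MFA for all cloud apps",
   "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]
""")

def location_in_scope(locations, location_id, trusted):
    """Simplified location match: 'All', 'AllTrusted' or a named-location ID."""
    if not locations:
        return True  # no location condition: the policy applies everywhere
    def matches(values):
        return ("All" in values or (trusted and "AllTrusted" in values)
                or location_id in values)
    if matches(locations.get("excludeLocations") or []):
        return False  # exclusions win over inclusions
    return matches(locations.get("includeLocations") or [])

def policies_suppressing_nudge(policies, location_id=None, trusted=False):
    """Names of enabled policies that block 'Register security information'
    for a sign-in from the given location (so the nudge is not shown)."""
    hits = []
    for p in policies:
        cond = p.get("conditions") or {}
        actions = (cond.get("applications") or {}).get("includeUserActions") or []
        controls = (p.get("grantControls") or {}).get("builtInControls") or []
        if (p.get("state") == "enabled" and REGISTER_ACTION in actions
                and "block" in controls
                and location_in_scope(cond.get("locations"), location_id, trusted)):
            hits.append(p["displayName"])
    return hits

if __name__ == "__main__":
    print("internet:", policies_suppressing_nudge(SAMPLE_POLICIES, trusted=False))
    print("corp LAN:", policies_suppressing_nudge(SAMPLE_POLICIES, trusted=True))
```

An empty result for a given location means no modelled policy blocks registration there, so a missing nudge has another cause.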

Hope that makes sense.
