Why the new MFA registration benefits your users
The new website for the combined security information registration, as Microsoft officially calls it, allows users to set up MFA and the necessary information for self-service password reset (SSPR).
It is also a prerequisite for setting up FIDO2 security keys, the use of “user actions” in conditional access policies, and will certainly be required for any new two-factor methods.
At first glance, however, these changes do not benefit the individual user.
But especially for firstline workers, i.e. users with only one mobile device, the change brings a greatly improved user experience during the initial setup of MFA.
The following screenshot shows an example of what setting up a second factor on a mobile device looks like.
The process is anything but user-friendly and setting up the Microsoft Authenticator additionally requires manually copying the displayed information into the app. The normal user has been lost at this point at the latest. The option of using the phone number as a second factor is the simplest, since the user does not have to leave the browser.
But even with this solution, the user has to manually adjust the size to be able to see anything at all.
New combined registration
Microsoft has learned from customer feedback and designed the new UI so that it can be used on a smartphone without any problems. The interface is modern and intuitive.
It’s a smooth process throughout, even when setting up the Authenticator app. It’s enough to click a link to directly open the Authenticator app and add the account.
For the initial setup, the browser of the smartphone should be used.
During the initial setup via an app such as Teams or Yammer, it is not possible to access the Authenticator app properly from within the workflow on iOS and some Android devices (e.g. Samsung).
Provide your users with the short-link https://aka.ms/mfasetup to ensure the greatest user experience for the initial setup.
The short link https://aka.ms/mysecurityinfo can be used to manage the MFA data set up so far.
Enable combined security information registration experience
Just set “Users can use the combined security information registration experience” to “All” and save.
If desired, this can also be tested on a small group of users first. Please note that only one group can be selected. It is therefore recommended to use an extra group.