[GH-ISSUE #2920] [Feature Request]: Deploy 'Enable MFA Allow' by Group #1447

New issue

Closed

opened 2026-03-02 13:44:15 +03:00 by kerem · 2 comments

kerem commented 2026-03-02 13:44:15 +03:00

Owner

Copy link

Originally created by @mcabreralvl2 on GitHub (Oct 4, 2024).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2920

Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole.

Deploy 'Enable MFA Allow' by Group

Currently, administrators can only apply "Enable MFA Allow" settings broadly across the tenant. There is a need for more granular control to apply these settings by group, which allows for targeted security enforcement and gradual rollout within an organization.

Add functionality within CIPP to enable "Enable MFA Allow" based on specific groups rather than at the tenant-wide level. This would provide flexibility to administrators to apply MFA policies in stages or to specific subsets of users, such as high-security roles, departments, or pilot groups.

Manual application of MFA settings through Azure AD per group, which is time-consuming and does not benefit from the streamlined automation and management that CIPP offers.

The ability to apply MFA policies by group within CIPP will improve security management and allow for better customization of user access policies based on organizational needs. It can also help MSPs better align with client security policies and requirements.

PowerShell commands you would normally use to achieve above request

No response

Originally created by @mcabreralvl2 on GitHub (Oct 4, 2024). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2920 ### Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole. Deploy 'Enable MFA Allow' by Group Currently, administrators can only apply "Enable MFA Allow" settings broadly across the tenant. There is a need for more granular control to apply these settings by group, which allows for targeted security enforcement and gradual rollout within an organization. Add functionality within CIPP to enable "Enable MFA Allow" based on specific groups rather than at the tenant-wide level. This would provide flexibility to administrators to apply MFA policies in stages or to specific subsets of users, such as high-security roles, departments, or pilot groups. Manual application of MFA settings through Azure AD per group, which is time-consuming and does not benefit from the streamlined automation and management that CIPP offers. The ability to apply MFA policies by group within CIPP will improve security management and allow for better customization of user access policies based on organizational needs. It can also help MSPs better align with client security policies and requirements. ### PowerShell commands you would normally use to achieve above request _No response_

kerem 2026-03-02 13:44:15 +03:00

• closed this issue
• added the
  enhancement
  no-priority
  labels

kerem commented 2026-03-02 13:44:17 +03:00

Author

Owner

Copy link

@KelvinTegelaar commented on GitHub (Oct 4, 2024):

Only sponsors are allowed to create feature request, and even then this would not be a feature request we entertain; MSPs would use this to decrease the security of tenants, not improve. All your users require MFA, no exceptions.

<!-- gh-comment-id:2394369014 --> @KelvinTegelaar commented on GitHub (Oct 4, 2024): Only sponsors are allowed to create feature request, and even then this would not be a feature request we entertain; MSPs would use this to decrease the security of tenants, not improve. All your users require MFA, no exceptions.

kerem commented 2026-03-02 13:44:17 +03:00

Author

Owner

Copy link

@JudgeDreddKLC commented on GitHub (Oct 5, 2024):

@KelvinTegelaar Manny works for RYC, please re-open. Thanks.

<!-- gh-comment-id:2395138300 --> @JudgeDreddKLC commented on GitHub (Oct 5, 2024): @KelvinTegelaar Manny works for RYC, please re-open. Thanks.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs

dev

dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42

dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2

dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0

dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2

dependabot/npm_and_yarn/dev/recharts-3.8.1

dependabot/github_actions/dev/actions/setup-node-6.4.0

copilot/add-alert-for-report-only-ca

release/beta

release/nightly

docs-maintenance

v10.4.0

v10.3.0

v10.2.0

v10.1.0

v10.0.0

v8.8.0

v8.7.0

v8.6.0

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.0

v5.9.0

v5.8.5

v5.8.0

v5.7.0

v5.6.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.9.0

v4.8.0

v4.7.0

v.4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.0

v4.0.0

v3.8.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.0

v2.20.0

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.13.0

v2.12.0

v2.11.2

v2.1.11.0

v.2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.5

v2.5.0

v2.4.0

v.2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

2.0.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.0

v1.3.0

v1.2.1

v1.2.0

1.1.0

release

Labels

Clear labels   

API

  

Feature

  

NotABug

  

NotABug

  

Planned

  

Sponsor Priority

  

Sponsor Priority

  

bug

  

documentation

  

duplicate

  

enhancement

  

needs more info

  

no-activity

  

no-priority

  

not-assigned

  

pull-request

Mirrored from GitHub Pull Request

  

react-conversion

  

react-conversion

  

roadmap

  

security

  

stale

  

unconfirmed-by-user

  

unconfirmed-by-user

  

wontfix

No labels

API

Feature

NotABug

NotABug

Planned

Sponsor Priority

Sponsor Priority

bug

documentation

duplicate

enhancement

needs more info

no-activity

no-priority

not-assigned

pull-request

react-conversion

react-conversion

roadmap

security

stale

unconfirmed-by-user

unconfirmed-by-user

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#1447

No description provided.