Users are added to these Azure cloud-based security groups IMMEDIATELY BEFORE or IMMEDIATELY AFTER they complete their MFA setup during on-boarding.
Note: As of this 01/2023 all users are subject to MFA requirements.
Microsoft Azure AD Portal
https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/AllUsers
Office personnel should be in these three groups:
- SSPR Users - Self Service Password Reset - users can reset their Landmark password themselves (this process is still in testing phase)
- this allows users to reset their own password via browser using https://passwordreset.microsoftonline.com/
- CSE Users - Combined Security Experience - MFA settings, password reset, and login information all held in a single portal
- this directs users to the new portal https://mysignins.microsoft.com/ and redirects users going to the legacy MFA portal aka.ms/mfasetup
- MFA Users - Multi-Factor Authentication Users - applies policies and enforces MFA
- the EMS E3 license will be automatically assigned to users of this group unless the license has been previously assigned