M365 2FA postponement?

[Velvis]

Is it still possible to delay the 2FA setup for 14 days? I am setting up a computer for a new employee who doesn't start until next week but I am not able to get Office downloaded and configured without setting up 2FA first. There used to be a button to bypass it for 14 days at which point the employee could download the authenticator and do it on their first day. Did they move it or is it now required at first login?

 

[Sky-Knight]

This is where Conditional Access is a must! But even without it, Azure Authentication methods (In Entra Admin panel, also Azure portal), enable Temporary Access Pass (TAP), use the Entra ID admin panel's MFA methods for that user to add one to that account, and BOOOM temporary single factor auth for all your admin needs.

Note that Authentication Methods blade, also is where you configure the registration campaign, which tells the back end such things as, how long someone can skip enrollment!

 

[thecomputerguy]

I preconfigure devices using a TAP all the time ... it really is the best way to do it. Register a TAP configure the device and configure Windows Hello and your done.

You are logged in to the account,edge, onedrive, teams, office ... everything.

I usually set the PIN up as the clients zip code with the last digit being a duplicate with a note to the client to change it immediately.

i.e. 12345 would be 123455