
FAQ for RM installation service Microsoft 365 Azure AD Identity Protection service
Published Date : 26 Apr 2018   Last Updated : 23 Jul 2024   Content Ref: TEC6197531  





Symptoms

This article aims to answer the most commonly asked questions regarding RM installation service Microsoft® 365™ Azure AD Identity Protection.


Requirements

Which groups are created as part of the RM installation service and what are they used for?

We create the following groups:

  • AAD MFA registration group - Members of this group have the multi-factor authentication (MFA) registration policy applied and are required to register for Azure AD MFA at logon.

Important: If you are planning to enable, or have already enabled, MFA in RM Unify, please be aware that a user would then have to answer two MFA challenges before gaining access to Microsoft 365: an RM Unify MFA challenge before getting access to Azure AD, and then an Azure AD MFA challenge before gaining access to Microsoft 365. The two MFA processes are entirely independent, so we recommend that you choose to use either RM Unify MFA or Azure AD MFA.

For more information on RM Unify MFA, please refer to RM Unify MFA.

  • AAD user risk protection group - Members of this group have the user risk policy applied and will be forced to change their password if Microsoft detects that a high risk event has occurred. For more information on sign in risk and risk events, please refer to the following Microsoft technical articles:

Important: Currently RM Unify does not support password write back, so this policy is not suitable for RM Unify federated users. Please include only users on a domain not federated to RM Unify and who are already able to change their password directly in Microsoft 365, e.g. a global admin user created directly in Microsoft 365.

  • AAD sign in risk protection group - Members of this group have the sign in risk policy applied and are forced to authenticate using MFA if something unusual is detected about their sign in, e.g. a new location, device or app. For more information on sign in risk and risk events, please refer to the following Microsoft technical articles:

  • AAD location risk protection group - Members of this group have the location-based conditional access policy applied. If a user signs into Microsoft 365 from the trusted location, they will not be prompted for MFA, but they will be prompted for MFA when signing in from elsewhere. This configuration is optional and you may not have selected this opt-in.
  • AAD device compliance protection group - Members of this group are prevented from signing into Microsoft 365 from devices that are not compliant with Intune policies. This configuration is optional and you may not have selected this opt-in.
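
As an added example (not RM's or Microsoft's code), the following Python check audits an export of the AAD user risk protection group against the tenant's domain list and flags members that the note on that group says to keep out of it. The sample data is constructed and shaped like Microsoft Graph `/domains` and group-member responses; every name in it is hypothetical.

```python
"""Audit 'AAD user risk protection group' membership against domain federation state."""

# Constructed sample data, shaped like Microsoft Graph responses for
# GET /domains and GET /groups/{id}/members. All names are hypothetical.
SAMPLE_DOMAINS = [
    {"id": "school.example", "authenticationType": "Federated"},
    {"id": "school.onmicrosoft.com", "authenticationType": "Managed"},
]
SAMPLE_MEMBERS = [
    {"userPrincipalName": "admin@school.onmicrosoft.com"},
    {"userPrincipalName": "J.Smith@School.Example"},
    {"userPrincipalName": "supply_other.example#EXT#@school.onmicrosoft.com"},
    {"userPrincipalName": "old.user@retired.example"},
    {"displayName": "Nested group"},  # non-user member, no UPN
]


def audit_user_risk_group(members, domains):
    """Return (identity, reason) for every member that needs review."""
    auth_type = {d["id"].lower(): d["authenticationType"] for d in domains}
    findings = []
    for member in members:
        upn = member.get("userPrincipalName")
        if not upn:
            name = member.get("displayName", "?")
            findings.append((name, "no userPrincipalName, review manually"))
            continue
        local, _, domain = upn.rpartition("@")
        domain = domain.lower()  # domain comparison is case-insensitive
        if "#ext#" in local.lower():
            # Guest: cannot change a password directly in this tenant.
            findings.append((upn, "guest account"))
        elif domain not in auth_type:
            findings.append((upn, "domain not in supplied domain list"))
        elif auth_type[domain] != "Managed":
            # Federated sign-in: a forced password change cannot complete
            # without password write back.
            findings.append((upn, "federated domain"))
    return findings


if __name__ == "__main__":
    for identity, reason in audit_user_risk_group(SAMPLE_MEMBERS, SAMPLE_DOMAINS):
        print(f"{identity}: {reason}")
```

An empty result means every member is on a managed (non-federated) domain, which is the condition the note requires before the user risk policy can force a password change.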




