I have Security Defaults enabled in Azure AD and a whitelist created for the static IP address of the business. MFA is working well and the whitelisting works great within the business. We also have an on-premise AD server that is syncing to Azure AD.
Now for the fun part
We have a local ad user setup on your counter computer for sales that come in the door. This user never uses any of the cloud services provided by microsoft but with the AD sync to the cloud the account is sitting waiting for MFA to be setup.
Is there any way to expire MFA on these accounts in say 30 days so MFA cannot be setup after that period?
Theoretically a hacker could steal the credentials, login to the account, and setup MFA on there own device and have control of that account.
Is the idea that if there is nothing important in the cloud account that securing it is unnecessary?
Thanks in advance for any feedback or suggestions you may have.
