Hi Everyone,
I've been struggling here a bit and there seems to be a big flaw in the Baseline Policy for MFA in the 365 portal.
I have enabled the policy and now I can't run lots of the PowerShell scripts linked in the same Secure Score portal as the policy recommended to enable MFA for Admins! For example I can't run the PowerShell script to check Inactive users (https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/InactiveUsersLast90Days.ps1)
Better still a lot of the comments on the github articles mention setting up an App Password. But The option to create an App password isn't available to me. After playing around with this its because my MFA is being enforced with a conditional access policy. If I go into the MFA Management section (https://account.activedirectory.windowsazure.com) and enable MFA on my account, the app password option appears on my profile/additional security verification page. Why is my account not deemed an MFA enabled account when I'm using Conditional Access?
I also notice that when using Conditional Access for users the Additional Security Verification link isn't available to them and I have to send them a link to find the hidden MFA setup page (https://aka.ms/MFASETUP). Is this by design?
But even after setting up an App password I can't get the scripts to run.
Is this just a bit of a bug or am I missing something?