Announcements
I need some clarification to something that I have read or heard regarding MFA setup within GP.
I'm not sure what this means: Only the very first user who logs into the GP MFA window when you first set it up in Company E-mail Settings needs to be an admin from your Azure tenant. This is because that process is authorizing GP to access the Azure App Registration. After that the non-admin users can work just fine.
Does this mean this first user needs to sign onto the GP app server and then log onto GP as themselves, or log on as SA?
While I've only really done it logged into GP as 'sa', I don't think it matters which GP login you're using though they'd need access to the Company Email Settings window, which is another reason why 'sa' is recommended.
It's more, as you mentioned, when you first put in the Application Client ID into the Company Email Settings window to enable Modern Authentication and prompted for credentials, that you select and use an account that is an admin on the Azure AD where the App Registration/Application Client ID was created.
Thanks
André Arnaud de Cal... 291,359 Super User 2024 Season 2
Martin Dráb 230,370 Most Valuable Professional
nmaenpaa 101,156