The terms "Per Authentication" and "Per Enabled User" refer to the billing models for an

Azure Multi-Factor Authentication (MFA) Provider. Reconfiguring the usage model from

"Per Authentication" to "Per Enabled User" via the Azure CLI primarily changes how the

company is billed for MFA services. This action, by itself, does not enable or enforce MFA

for the new Azure AD users. To ensure employees use MFA, their individual MFA status

must be set to 'Enabled' or 'Enforced' (for per-user MFA), or they must be included in a

Conditional Access policy that mandates MFA. The proposed solution only addresses the

billing/usage model, not the actual enablement of MFA for the users.

1. Microsoft Learn: "How to get Azure AD Multi-Factor Authentication"

URL: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfalicensing

Section: "Azure AD Multi-Factor Authentication provider"

Quote/Content: This section explains that an MFA provider "offers per-user or per-

authentication billing," confirming these terms relate to billing/consumption models, not

direct user enablement mechanisms.

2. Microsoft Learn: "Enable per-user Azure AD Multi-Factor Authentication to secure sign-in

events"

URL: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfauserstates

Content: This document details the process of changing user MFA states (Disabled,

Enabled, Enforced), which is the necessary step for per-user MFA enablement, distinct from

changing a billing model.

3. Microsoft Learn: "Plan an Azure AD Multi-Factor Authentication deployment"

URL: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfadeploy

Content: This guide discusses various ways to enable MFA, primarily focusing on

Conditional Access policies and per-user MFA enablement, neither of which is achieved by

solely changing a billing model.