Configuration
All settings are managed in mfa-config.ini. This file is created from the template during first setup.
Configuration Sections
[Tenant][Tenant]
TenantId = yourtenant.onmicrosoft.com
SubscriptionId = your-azure-subscription-id
Setting
Description
Example
TenantIdMicrosoft 365 tenant ID or .onmicrosoft.com domain
contoso.onmicrosoft.com
SubscriptionIdAzure subscription ID
12345678-1234-1234-1234-123456789012
[SharePoint][SharePoint]
SiteUrl = https://yourtenant.sharepoint.com/sites/MFAOps
SiteOwner = admin@yourtenant.com
AppRegName = YourOrg-SPO-Automation-MFA
SiteTitle = MFA Operations
ListTitle = MFA Onboarding
Setting
Description
Auto-filled
SiteUrlFull URL to SharePoint site
No
SiteOwnerEmail of site owner
No
AppRegNameApp registration name for SharePoint
No
SiteTitleDisplay title for SharePoint site
No
ListTitleName of tracking list
No (default: MFA Onboarding)
ClientIdApp registration client ID
Yes
CertificatePathPath to auth certificate
Yes
CertificateThumbprintCertificate thumbprint
Yes
ListIdSharePoint list GUID
Yes
[Security][Security]
MFAGroupName = MFA Enabled Users
Setting
Description
Auto-filled
MFAGroupNameName of MFA security group
No
MFAGroupIdGroup object ID
Yes
[Azure][Azure]
ResourceGroup = rg-mfa-onboarding
Region = uksouth
FunctionAppName = func-mfa-yourorg-001
StorageAccountName = stmfayourorg001
Setting
Description
Auto-filled
ResourceGroupAzure resource group name
No
RegionAzure region
No
FunctionAppNameFunction App name (must be globally unique)
No
StorageAccountNameStorage account name (must be globally unique)
No
MFAPrincipalIdManaged Identity principal ID
Yes
AppInsightsNameApplication Insights resource name
Yes
AppInsightsKeyInstrumentation key
Yes
AppInsightsConnectionStringConnection string
Yes
[Email][Email]
MailboxName = MFA Registration
NoReplyMailbox = MFA-Registration@yourtenant.com
MailboxDelegate = admin@yourtenant.com
EmailSubject = ACTION REQUIRED: Complete your MFA Registration
ReminderSubject = REMINDER: Complete your MFA Registration
Setting
Description
MailboxNameDisplay name for the shared mailbox
NoReplyMailboxEmail address for the shared mailbox
MailboxDelegateAdmin who can access the mailbox
EmailSubjectSubject line for initial invitation emails
ReminderSubjectSubject line for reminder emails
[LogicApp][LogicApp]
LogicAppName = mfa-invite-orchestrator
RecurrenceHours = 12
Setting
Description
Auto-filled
LogicAppNameLogic App name
No
RecurrenceHoursHours between Logic App runs (default: 12)
No
TriggerUrlHTTP trigger URL for immediate invocation
Yes
ConnectionIdSharePoint API connection ID
Yes
Office365ConnectionIdOffice 365 API connection ID
Yes
[UploadPortal][UploadPortal]
AppRegName = YourOrg-MFA-Upload-Portal
Setting
Description
Auto-filled
AppRegNameApp registration name for portal
No
PortalUrlStatic website URL
Yes
[Branding][Branding]
CompanyName = Your Organisation
LogoUrl = https://yourorg.com/logo.png
SupportTeam = IT Security Team
SupportEmail = itsupport@yourtenant.com
Setting
Description
CompanyNameOrganisation name shown in emails
LogoUrlURL to company logo (optional)
SupportTeamSupport team name shown in email footers
SupportEmailSupport contact email shown in email footers
[OpsGroup][OpsGroup]
OpsGroupEmail = mfa-ops@yourtenant.com
OpsGroupName = MFA Operations Team
Setting
Description
OpsGroupEmailMail-enabled security group for ops notifications
OpsGroupNameDisplay name for the ops group
[EmailReports][EmailReports]
LogicAppName = logic-mfa-reports-123456
Recipients = admin1@domain.com,admin2@domain.com
Frequency = Day
Setting
Description
LogicAppNameReports Logic App name
RecipientsComma-separated list of report recipients
FrequencyDay (daily at 9 AM) or Week (Monday at 9 AM)
Auto-Filled Settings
Settings marked as "Auto-filled" are populated automatically during deployment. You do not need to set these manually — the deployment scripts will write them to mfa-config.ini as resources are created.
Warning
Do not manually edit auto-filled settings unless you know what you're doing. Incorrect values will break the deployment.
2026-05-04
2026-04-15
2 revisions