Question:
When a new machine is added to the tenant role that enables MFA, the cloud cache must be updated before the role is realized for that machine. The time that is required to update the cache is variable and can sometimes be long. Is there a way to reduce the time required to enable MFA on a specific machine?
Answer:
To shorten the time needed to realize the change, put the computer into an AD (Active Directory) group and then add that AD group as a member of the MFA role on the tenant, rather than adding the computer to the role directly.
In this example, the AD group created is named cfyC_MFA-computers.
The machine, cps-rhel2, is a member of the AD group.
In the tenant, add the AD group as a Member of the MFA role, in this example MFA-Computers-All.
With this technique, the cloud cache for the role performs better, and the machine realizes the MFA-Computers-All role more quickly than if it were added to the role as an individual machine. Each time a new machine is required to have MFA, add the machine to the AD group and it will automatically belong to the role on the tenant.
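The AD side of this procedure can be scripted. The following is an added example, not part of the original article or the vendor's tooling: it uses the standard ActiveDirectory PowerShell module, the function name Add-MfaComputer is hypothetical, and it assumes the machine's AD computer account carries the name shown in the article (cps-rhel2) and that the group cfyC_MFA-computers has already been added to the role in the tenant.

```powershell
# Added example. Group and machine names come from the article;
# the function name Add-MfaComputer is hypothetical.
Import-Module ActiveDirectory

function Add-MfaComputer {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$GroupName = 'cfyC_MFA-computers'
    )

    # Stop immediately if the group does not exist: a typo here would
    # otherwise leave the machines without the MFA role and go unnoticed.
    $group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

    # Direct members only; the tenant role is granted through this group.
    $current = Get-ADGroupMember -Identity $group |
        Select-Object -ExpandProperty DistinguishedName

    foreach ($name in $ComputerName) {
        try {
            $computer = Get-ADComputer -Identity $name -ErrorAction Stop
        } catch {
            Write-Warning "No AD computer account found for '$name'; skipped."
            continue
        }

        if ($current -contains $computer.DistinguishedName) {
            Write-Output "$name is already a member of $GroupName."
            continue
        }

        if ($PSCmdlet.ShouldProcess($name, "Add to $GroupName")) {
            Add-ADGroupMember -Identity $group -Members $computer -ErrorAction Stop
            Write-Output "$name added to $GroupName."
        }
    }
}

# Dry run first; remove -WhatIf to apply the change.
Add-MfaComputer -ComputerName 'cps-rhel2' -WhatIf
```

Membership of the AD group now decides which machines receive the role, so the function only reports and adds; it never removes members.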