JFL's questions

We have a M365 tenant with MFA enforced for all users.

We can use either text message (SMS) or Microsoft Authenticator app on smartphone with a Time Based code (6 digit TOTP code).

We would like for some users to have the MFA set to "approval" mode. I.E. when the user try to login, the MS Authenticator ask the user to approve the sign-in request and the user simply need to push on the 'approve' button.

How can we configure this?

Note: we are aware this may be less secure and some users will simply approve any request even if they are not the originator. This is to be set up for very specific users which we trust to use this feature correctly.

We are migrating from MS Exchange 2010 SP3 to 2016 (CU7). All servers are on premises.

We moved several mailboxes from a 2010 server to 2016 without issue.

Now for 3 mailboxes the MoveRequest stall. The status showed by a "Get-MoveRequestStatistics" is :

Status : Queued
StatusDetail : StalledDueToTarget_ContentIndexing

What we have tried:

• stop or restart the services Microsoft Exchange Search and Microsoft Exchange Search host controller
• checked that the group ContentSubmitters exist (it did) and add Full Controll for "Network services", then restart the search services.
• Disabled content indexing on the target database with the command Set-MailboxDatabase "dbID" -IndexEnabled $false
• Removing and recreating the move request after those
• Suspending and resuming the move request
• Moving the mailbox to 3 other exchange 2010 databases then trying to move them to a 2016 server, to various destination databases

Still no luck.

How can I have those move requests to succeed?