The policy must be configured to require members of the Global Administrators group to use multi-factor authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations. Solution: You can access the multi-factor authentication page to alter the user settings. Does the solution meet the goal?