Forum Discussion
MFA and MDM
Hi,
You can use https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview to enable the second factor when outside "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/untrusted-networks".
If you are using https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-adfs-2012, the trusted locations should work as expected and only apply the factor when connecting from "Unknown Networks".
With regard to restricting Non-Domain Joined devices from resources in Azure, you can use the Conditional Access Policy to only allow "Hybrid Azure Joined device" to access the Services. When the 3rd party contractor tries to access the resource with his/her Non-Domain Joined device, it will be restricted.
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains
For the multiple SMS issue, change your MFA preference to use the Authenticator app:
http://aka.ms/mfasetup
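
The two Conditional Access policies described in the reply above, sketched with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original post; the group ID placeholder, the display names and the report-only state are assumptions made for illustration.

```powershell
# Added example. Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'

# Placeholder: object ID of the group the policies should target (assumption).
$targetGroupId = '<object-id-of-target-group>'

# Policy 1: require MFA for sign-ins from any location except trusted ones.
$mfaOutsideTrusted = @{
    displayName = 'Example - Require MFA outside trusted locations'
    state       = 'enabledForReportingButNotEnforced'   # report-only
    conditions  = @{
        clientAppTypes = @('all')
        users          = @{ includeGroups = @($targetGroupId) }
        applications   = @{ includeApplications = @('All') }
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')   # all named locations marked trusted
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

# Policy 2: allow access only from Hybrid Azure AD joined devices, so a
# contractor's non-domain-joined device does not satisfy the grant control.
$hybridJoinedOnly = @{
    displayName = 'Example - Require Hybrid Azure AD joined device'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        users          = @{ includeGroups = @($targetGroupId) }
        applications   = @{ includeApplications = @('All') }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('domainJoinedDevice')
    }
}

foreach ($policy in $mfaOutsideTrusted, $hybridJoinedOnly) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object DisplayName, State, Id
}
```

In report-only state the policies are evaluated and logged in the sign-in logs without blocking anyone; change `state` to `enabled` once the logged results match what you expect.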