Forum Discussion

Anonymous's avatar
Anonymous
Feb 21, 2019

MFA and MDM

Looking for advice.   I want to enable MFA for all staff with the condition that they are only prompted for the second authenticator when they are outside of the office. For this to happen am i rig...
security & compliance
Joachim Løe's avatar
Joachim Løe
Brass Contributor
Feb 22, 2019

Hi,

 

You can use https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview to enable the second factor when outside "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/untrusted-networks".
If you are using https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-adfs-2012, the trusted location's should work as expected and only apply the factor when connecting from "Unknown Networks".

In regards to restricting Non-Domain Joined devices to resources in Azure, you can use the Conditional Access Policy to only allow "Hybrid Azure Joined device" to access the Services. When the 3rd part contractor tries to access the resource with his/hers Non Domain Joined device, it will be restricted.

https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains

 

The Multiple SMS issue, change your MFA preference to use Authenticator App

http://aka.ms/mfasetup