Forum Discussion

Deleted's avatar
Deleted
Sep 14, 2017

Conditional policies in Azure AD vs. Intune

We are planning to deploy ODB for about 10000 users. The main issue right now is controlling the access and dealing with compliance.   There are a few things that I need some clarification on; Th...
Authentication
compliance
mobile
security
VasilMichev's avatar
VasilMichev
MVP
Sep 14, 2017

If you want to use custom MFA provider, you have to federate with your on-premises AD or use 3rd part federation. Azure AD Conditional access only supports Azure MFA as a second factor.

Deleted's avatar
Deleted
Sep 14, 2017

Hi Vasil,

 Thank you for the quick response.

 

Would the following hold true?If yes, then maybe a custom MFA provider could be used with AAD Conditional access.

 

Source:https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azuread-connected-apps

Configure federation services to provide multi-factor authentication

For federated tenants, MFA may be performed by Azure Active Directory or by the on-premises AD FS server.

By default, MFA will occur at a page hosted by Azure Active Directory. To configure MFA on-premises, the â€“SupportsMFA property must be set to true in Azure Active Directory, by using the Azure AD module for Windows PowerShell.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azuread-connected-apps