Forum Discussion
Anonymous
Sep 14, 2017
Conditional policies in Azure AD vs. Intune
We are planning to deploy ODB for about 10000 users. The main issue right now is controlling the access and dealing with compliance. There are a few things that I need some clarification on; Th...
Anonymous
Sep 14, 2017
Hi Vasil,
Thank you for the quick response.
Would the following hold true? If yes, then maybe a custom MFA provider could be used with AAD Conditional access.
Source: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azuread-connected-apps
Configure federation services to provide multi-factor authentication
For federated tenants, MFA may be performed by Azure Active Directory or by the on-premises AD FS server.
By default, MFA will occur at a page hosted by Azure Active Directory. To configure MFA on-premises, the –SupportsMFA property must be set to true in Azure Active Directory, by using the Azure AD module for Windows PowerShell.
VasilMichev
Sep 15, 2017
MVP
Yes, with AD FS (or third party federation solution) you can use custom providers, but it requires you to have the domain federated. And if you are federated, you can implement the conditional policies on the AD FS server, no need to pay the Azure AD Premium license for AAD Conditional access.
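The federation setting quoted earlier in the thread, as an added example that is not part of any post here: it audits every federated domain for the SupportsMFA flag and enables it on one domain only if it is not already set. It assumes the MSOnline module (the "Azure AD module for Windows PowerShell" named in the quoted documentation) and uses `contoso.example` as a placeholder domain.

```powershell
# Added example, not from the thread. Requires the MSOnline module.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in as a tenant administrator

# Placeholder domain name (assumption); replace with your federated domain.
$TargetDomain = 'contoso.example'

# Audit: for each federated domain, show whether Azure AD accepts MFA
# performed by the on-premises / third-party identity provider.
$report = foreach ($d in Get-MsolDomain -Authentication Federated) {
    $fed = Get-MsolDomainFederationSettings -DomainName $d.Name
    [pscustomobject]@{
        Domain      = $d.Name
        SupportsMfa = [bool]$fed.SupportsMfa
        IssuerUri   = $fed.IssuerUri
    }
}
$report | Format-Table -AutoSize

$current = $report | Where-Object Domain -eq $TargetDomain
if (-not $current) {
    # Managed (non-federated) domains have no federation settings to change.
    Write-Warning "$TargetDomain is not a federated domain in this tenant; nothing changed."
}
elseif ($current.SupportsMfa) {
    Write-Output "$TargetDomain already has SupportsMfa set to true."
}
else {
    # With this set, Azure AD sends the MFA challenge to the federation
    # service instead of showing its own MFA page.
    Set-MsolDomainFederationSettings -DomainName $TargetDomain -SupportsMfa $true
    # Read the value back to confirm the change took effect.
    (Get-MsolDomainFederationSettings -DomainName $TargetDomain).SupportsMfa
}
```

Enable the flag only after the federation service actually enforces MFA for the domain, since Azure AD will then rely on the MFA claim it issues.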