Forum Discussion

Stefanie Cortese's avatar
Stefanie Cortese
Copper Contributor
Jun 11, 2018
Solved

Dual Factor Conditional Access

I want to enable dual auth for Office 365 but I have one issue that will be a challenge, wondering if a conditional access rule would fix it.    We have a group of users that log into others mailbo...
Azure AD
office 365
  • NunoAriasSilva's avatar
    NunoAriasSilva
    Jun 11, 2018

    Hi Stefanie Cortese,

     

    You have two options:

    • Make the users connect throught a VPN to your on-premises network that the Public IP is in Trusted IP's
    • Disable the MFA Temporary

     

Steven Collier's avatar
Steven Collier
MVP
Jun 11, 2018

Do these users have the passwords of the person on holiday? That's really a very poor solution as you'll never know who is really who when you look at audit logs and the like. It's really easy for a mailbow owner to add someone else to have full access to their mailbox using their account.

 

That way everyone stays being themselves, can 2 step authenticate as themselves and still have access to everything. 

Stefanie Cortese's avatar
Stefanie Cortese
Copper Contributor
Jun 11, 2018

I agree with you 100%. There is one add-on business app that does not work under delegated access. So at times, there needs to be a direct sign in. 

  • NunoAriasSilva's avatar
    NunoAriasSilva
    MVP
    Jun 11, 2018

    I agree with Steven Collier.

     

    The best approach is to give Full Mailbox permissions to the user regarding the MFA access.

     

    Stefanie Cortese you can do that in Exchange Online mailbox permissions and keep that audit and can have/must have the 2 users with MFA enabled. And if is not possible, please audit and use VPN.

Resources