Forum Discussion

Ueli Zimmermann's avatar
Ueli Zimmermann
Brass Contributor
May 18, 2018

Azure Active Directory and ADFS support for Location based MFA ?

Any one knows if it is possible to kind of apply MFA only from like outside the defined trusted Networks and how to set this up if ADFS 3.0 is in play ?  i tried to use just AAD Conditional Access Po...
Azure Active Directory (AAD)
Identity Management
Ueli Zimmermann's avatar
Ueli Zimmermann
Brass Contributor
Jun 05, 2018

Thank you Rishabh,

 

I have verified this Options as well within Conditional Access. I will check further if there was still a configuration issue on my end or if this is correct and somewhere else is the mistake.

I did configure this exactly the Way you mentioned but somehow it seems to be not apply.

 

Anyway i feel confident now that i understood the Process and how it should work so the issue must be somewhere around in my environment :-) will find it.

 

Thanks again and regards

Ueli

Ueli Zimmermann's avatar
Ueli Zimmermann
Brass Contributor
Jun 09, 2018

I also found out two more things.

 

A) It seems that a lot of the O365 Apps are somehow integrated with SharePoint.

For Example if i just activate this Rule for SharePoint Online and only  through Browser, i also have to authenticate if i want to open Word, Excel, PowerPoint, Teams, Planner etc etc. Only Yammer and some other Apps are not related to SharePoint as it seems. If i connect to Teams via Fat-Client it works without MFA as intended.  Strange though that most of these Apps are SharePoint related. It also does not help if you make exclusions for let say Teams etc. 

 

B) If enforcing MFA through Conditional Access the User does not get the Benefit of registering and using the Authenticator App on the Mobile Phone. It only reveals the Option for Phone Call and SMS even though if you would fully Deploy MFA for the User the Authenticator Method is configurable and activated on our Tenant… Seems the registration Process for Conditional Access based Auth is different (like Self Service Password Reset)   This is very sad :-(

 

 

  • Ueli Zimmermann's avatar
    Ueli Zimmermann
    Brass Contributor
    Jun 09, 2018

    Sorry Point B is solved i must got carried away by testing so much, so i missed the option is actually available. Still regarding SSPR i think its still not available there.

     

    • Rishabh Srivastava's avatar
      Rishabh Srivastava
      Iron Contributor
      Jun 09, 2018

      Hey Ueli,

       

      Thanks, but I didn't get the below mentioned statement.

      "Still regarding SSPR i think its still not available there."

       

      Regards,

      Rishabh

      • Ueli Zimmermann's avatar
        Ueli Zimmermann
        Brass Contributor
        Jun 10, 2018

        That was just a comment based on SSPR (Self Service Password Reset) Feature. 

        So far this does not allow Authenticator App. At least it was when i checked last time couple of Days ago.

         

Resources