Forum Discussion
RippieUK
Apr 30, 2020 | Brass Contributor
Can I improve user experience of Azure MFA?
Hi all, We have not that long ago enabled Azure MFA via conditional access to the most important users in the company. At the time of deployment it got thrown in with probably little appreciation...
- May 01, 2020: Yes, this is possible.
So you can use the 'require compliant device' if your devices are fully Intune managed and not added to an on-prem domain. So this means AAD joined W10, Android, iOS and macOS.
If your W10 computers are currently on-prem, I would advise you to hybrid join them. That way they are joined to AD and AAD at the same time.
Thijs Lecomte
May 01, 2020 | Bronze Contributor
I usually keep it at 14 days. This is a good middle ground between security and user friendliness.
It's not overkill to include all cloud apps.
I would, however, advise you to exclude all compliant/hybrid joined devices. If you set it up like this, your users will not receive MFA prompts when they are on a corporate computer.