Forum Discussion
RippieUK
Apr 30, 2020 | Brass Contributor
Can I improve user experience of Azure MFA?
Hi all, We have not that long ago enabled Azure MFA via conditional access to the most important users in the company. At the time of deployment it got thrown in with probably little appreciation...
- May 01, 2020
Yes, this is possible.
So you can use the 'require compliant device' if your devices are fully Intune managed and not added to an on-prem domain. So this means AAD-joined W10, Android, iOS and macOS.
If your W10 computers are currently on-prem, I would advise you to hybrid join them. That way they are joined to AD and AAD at the same time.
ChristianBergstrom
May 01, 2020 | Silver Contributor
RippieUK As you haven't rolled out Azure MFA on a large scale just yet, I want to send a heads-up for the Azure Identity Protection MFA registration policy. Perhaps you've already had a look at it, but here's the MS doc: https://docs.microsoft.com/sv-se/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy
Thijs Lecomte something to share from your own experience using this policy as well? 🙂
- RippieUK
May 05, 2020 | Brass Contributor
ChristianBergstrom Thank you for that piece of information. We currently have something similar set in our default conditional access policy that says in the grant access section to require MFA, which forces people to go and sign up to that. Not sure if they can bypass it though.