Conditional Access not working as expected

Hi guys i'm trying to configure Conditional Access for our users. We have Windows 10 managed Notebooks, which are AAD Joined and have Windows Hello for Business configured, which everything is ju...

Conditional Access

ChristianJBergstrom
Dec 04, 2021
Yes, all users should be forced to use MFA. Here's an article I found just now which explains it all as you're on WHFB, much better than if I would give it a go! https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/why-are-my-users-not-prompted-for-mfa-as-expected/ba-p/1449032

Going forward, try out the What if tool and the Report-only option when you experience odd stuff. Perhaps you'd benefit using the new CA templates in preview too. Have a look https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common (the article was updated recently but you'll see those that are common to use if you scroll down)

As sign-in frequency also includes MFA nowadays you should be able to get this working.

Good luck!

ChristianJBergstrom

MVP

Nov 22, 2021

Hi, I can't see anything in your screenshots that shows the "Sign-in Frequency" config set to 23 hours?

marckuhn
Brass Contributor
Nov 23, 2021
ChristianJBergstrom

Hi Christian
many thanks for your feedback. I sent you all the settings i have in the policy.

Best regards,
Marc
- marckuhn
  Brass Contributor
  Nov 23, 2021
  this is what i would like to have, except that we would like to have for Windows 10 MFA in addition.
  - ChristianJBergstrom
    MVP
    Nov 23, 2021
    Hello again, difficult to say when not working in your environment. Have you tried the What If tool?
    
    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/what-if-tool

Forum Discussion

Conditional Access not working as expected

Resources