Forum Discussion

Brent Ellis's avatar
Brent Ellis
Silver Contributor
Feb 06, 2018

Does Azure MFA / Conditional Access work on native Android / iPhone clients?

We are starting to pilot MFA and Conditional Access.  Seems to work great on most actual apps (e.g. Outlook, Yammer, OneDrive, Groups, etc) and resources accessed via browser.   But we are notici...
Access Management
Azure Active Directory (AAD)
Brent Ellis's avatar
Brent Ellis
Silver Contributor
Feb 06, 2018
Thank you for the quick reply.

So if I enforce MFA (via AAD MFA setting), can I then use Conditional Access to bypass it based on my criteria?

Or do I pretty much have to make the choice to go all on, or use Conditional Access and accept what is not covered?
Mohan Seenippandian's avatar
Mohan Seenippandian
Brass Contributor
Feb 06, 2018

I think it is either Conditional Policy or enforce MFA. If your criteria is location based rule and is to bypass MFA for trusted IPs and internal IPs(ADFS Claim), you can still specify those IPs in the service settings section in Azure AD MFA console. This will apply MFA policy to all apps.

 

If you noticed, there is a setting in the "Access Controls" section in Conditional Access Policy (v2), there is an option to specify "Require Approved client app". This does not include "Browser" as a client at the moment. I would really like to see this feature extended to Approved clients and Approved browser, which will allow us configure Conditional Access Policies to all/targeted cloud apps using CAP v2 conditions/rules. 

 

  • VasilMichev's avatar
    VasilMichev
    MVP
    Feb 06, 2018

    The latest version of the iPhone mail client should support ADAL/MFA.

Resources