Forum Discussion

Brass Contributor

May 21, 2020

MFA using Conditional Access VS Additional cloud-based MFA settings

We current have some IP Address Range exception and 14 days browser saving enabled in the "Additional cloud-based MDA Settings" will these setting work in combination with Conditional Access Policy? ...

Azure Active Directory (AAD)

VasilMichev

MVP

May 21, 2020

If you want the IP range exclusion to take effect, you need to add "all trusted locations" condition to your CA policy, or at least the "MFA trusted IPs" location.

PeterRising
MVP
May 21, 2020
VasilMichev

Absolutely yes. Alan Burchill - this can be set within the CA policy as shown below;
- Alan Burchill
  Brass Contributor
  May 21, 2020
  Just to clarify, i know i can use IP address range and location in both... But if i have an IP address range configured... Are the settings additve? Or will it ignore the MFA server settings if a CA policy is applied?
  - Vikram V
    Brass Contributor
    May 25, 2020
    Yes these 2 settings are additive. In the sense that most restrictive setting wins. If both allow, then MFA not needed. Hope this makes sense.
    
    Also, basic MFA setting applies at tenant level, so be careful not to lock yourself out while testing it.