Forum Discussion
Conditional access + Intune
Hello,
I am attempting to achieve no MFA requests for a device in entra, and devices which are hyrbid joined.
MFA will happen to these accounts logged onto devices which are not registered.
The DC is synced with the entra cloud tool
I have made it to exclude a list of devices in regards to display names and trust types. It doesn't seem to allow this policy to exclude AD devices within entra but it works for the intune devices.
Thank you,
Jamie.
The solution to this issue is setting a trusted location to be excluded.
7 Replies
- Why not consider deploying Windows Hello? In my opinion, this best fits the needs of the organization while still maintaining your MFA policies given Windows Hello is a Passwordless authentication method.
- Hi Jamie,
Why would you like to achieve no MFA requests for your users?This would be no MFA requests for users on company devices, outside of the organisations building.
This is not what I desire however this is what it requested by the management of my organisation.
Would you be aware of how to achieve this?
Thank you,
Jamie.- Hi Jamie,
Yes, you would have to configure your office as a trusted location.
Take a look here, at the documentation:
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-assignment-network#ipv4-and-ipv6-address-ranges
As always with conditional access, please test it before activating in production. In worse case, you could potentially lock yourself out.
