Forum Discussion
Solved
Conditional access + Intune
Hello, I am attempting to achieve no MFA requests for a device in entra, and devices which are hyrbid joined. MFA will happen to these accounts logged onto devices which are not registered. The DC...
The solution to this issue is setting a trusted location to be excluded.
Hi Jamie,
Why would you like to achieve no MFA requests for your users?
Why would you like to achieve no MFA requests for your users?
This would be no MFA requests for users on company devices, outside of the organisations building.
This is not what I desire however this is what it requested by the management of my organisation.
Would you be aware of how to achieve this?
Thank you,
Jamie.
- Hi Jamie,
Yes, you would have to configure your office as a trusted location.
Take a look here, at the documentation:
https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-assignment-network#ipv4-and-ipv6-address-ranges
As always with conditional access, please test it before activating in production. In worse case, you could potentially lock yourself out.- Hello,
unfortunately this would not achieve what they want to achieve, this would prompt users to MFA on their staff laptops at home. Even though this is common practice, they want this to happen to devices not provided by the organisation.
Thank you,
Jamie.- Hi Jamie,
I'm actually not quite sure how you should achieve no MFA requests at all.
You could take a look at require compliant devices, even though that wouldn't completely remove the MFA prompts.
Microsoft are enforcing MFA where possible, so it's a hard task and definitely not something I would recommend trying to bypass. 🙂