Forum Discussion

Deleted
Jul 18, 2017

Require MFA OR Intune Enrollment/compliance when Outside the Trusted IP Range

My company is currently piloting MFA and we have recently deployed Intune for corporate mobile devices. We have our MFA set up so it only requires 2-step verification when a device is outside the corporate network. We would like to require either MFA OR Intune enrollment on mobile devices when they are outside the corp. network.

I am testing a conditional access policy to accomplish this, but it is still asking for 2-step verification even though my test mobile device is enrolled and compliant with Intune.

Under Access controls, I've selected grant access, require MFA, require device to be marked as compliant, and require ONE of the selected controls (preview).

Has anyone seen this issue before?

    • Deleted

      No ADFS, just have AD Connect syncing from On-prem to Azure AD.

      • Michael Jones
        Brass Contributor

        I do not want to assume. Are you testing this on the corp network or off? If off, this is more than likely by design as MFA is designed to be used for each login attempt unless on a trusted network.
