Is it possible to allow MFA registration only in a work profile on a managed phone
Hello,
I'm currently rolling out MDM via Endpoint Manager and also enforcing compliance policies using conditional access.
I would like to allow MFA registration only in work profiles, so that users can only register MFA (for Passwordless sign in) on the Microsoft Authenticator app in their work profile.
Does anyone have experience with this, or is this currently even possible?
BrS
1 Reply
- danny_grasso (Brass Contributor)
The only way that I can think of accomplishing this (and I'll admit I haven't tried) is to have a conditional access policy that targets mobile devices and uses the "Require app protection policy" setting and "Require compliant device" (require one of the selected). When someone attempts to sign in with their work account to the Authenticator app that isn't in the work profile, then the App Protection policy will block sign-in to the app?
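The policy described in the reply above, written out with the Microsoft Graph PowerShell SDK as an added example (not code from either poster). The pilot group ID is a placeholder, and the "All" application scope and report-only state are assumptions chosen so the policy can be evaluated without blocking anyone.

```powershell
# Added example: Conditional Access policy as described in the reply.
# Requires the Microsoft.Graph PowerShell SDK.
# $pilotGroupId is a placeholder; replace it with a test group's object ID.
$pilotGroupId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Mobile: require compliant device OR app protection policy'
    # Report-only (assumption): the policy is evaluated and logged, not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        # Scope to a pilot group first (assumption, not stated in the thread).
        users          = @{ includeGroups = @($pilotGroupId) }
        # The reply does not name target apps; 'All' is an assumption.
        applications   = @{ includeApplications = @('All') }
        # "Targets mobile devices": Android and iOS platforms only.
        platforms      = @{ includePlatforms = @('android', 'iOS') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        # "Require one of the selected controls".
        operator        = 'OR'
        # compliantDevice      = Require device to be marked as compliant
        # compliantApplication = Require app protection policy
        builtInControls = @('compliantDevice', 'compliantApplication')
    }
}

# Print the request body for review before creating anything.
$policy | ConvertTo-Json -Depth 5

# Create the policy in the tenant.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

With the policy in report-only state, the Report-only tab of each sign-in log entry shows whether an Authenticator sign-in from outside the work profile would have been blocked.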