Forum Discussion
nirispa
Jul 15, 2021 (Copper Contributor)
Is it possible to allow MFA registration only in a work profile on a managed phone
Hello, I'm currently rolling out MDM via Endpoint Manager and also enforcing compliance policies using conditional access. I would like to allow MFA registration only in work profiles, so tha...
danny_grasso
Apr 14, 2025 (Brass Contributor)
The only way that I can think of accomplishing this (and I'll admit I haven't tried) is to have a conditional access policy that targets mobile devices and uses the Require app protection policy setting and require compliant device (require one of the selected). When someone attempts to sign in with their work account to the Authenticator app that isn't in the work profile then the App Protection policy will block sign in to the app?
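
The Conditional Access policy described in the reply above, written out with the Microsoft Graph PowerShell SDK as an added example (not code from either poster). It is created in report-only mode so its effect on Authenticator sign-ins can be read from the sign-in logs before anything is enforced. The pilot group ID, the display name and the scoping to all cloud apps are assumptions made for this example.

```powershell
# Added example, not from the thread. Creates the policy in report-only mode.
# Assumption: placeholder object ID of a pilot group; replace with a real one.
$pilotGroupId = '00000000-0000-0000-0000-000000000000'

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    # Assumption: display name chosen for this example.
    displayName = 'PILOT - Mobile: require app protection policy OR compliant device'
    # Report-only: the result is logged per sign-in but access is not blocked.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeGroups = @($pilotGroupId) }
        # Assumption: the reply names no target resource, so all cloud apps are in scope.
        applications   = @{ includeApplications = @('All') }
        # "Targets mobile devices": Android and iOS only.
        platforms      = @{ includePlatforms = @('android', 'iOS') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        # "Require one of the selected controls"
        operator        = 'OR'
        # compliantApplication = Require app protection policy
        # compliantDevice      = Require device to be marked as compliant
        builtInControls = @('compliantApplication', 'compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back to confirm what was stored.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object Id, DisplayName, State
```

Report-only policies that require a compliant device can still prompt users on iOS and Android to select a device certificate, which is why the example is scoped to a pilot group rather than all users.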