Forum Discussion
AB21805 (Bronze Contributor)
Feb 06, 2023
MFA set up so users don't need to authenticate every time at home or on work device
Hi all,
Is it possible to only need to authenticate when using MFA when not using a work device or when a member of staff is at home on their work device?
I have set it to not ask for MFA when members of staff are in the office.
- mikhailf (Steel Contributor)
Hello AB21805 ,
"authenticate when using MFA when not using a work device" -> you can build a CA policy using Filter for Devices under Conditions. Choose DeviceOwnership or TrustType. Pay attention that devices should be enrolled in Intune or AzureAD.
"when a member of staff is at home on their work device" -> use Named Locations to set locations where you require MFA.
- AB21805 (Bronze Contributor)
Also, if I wanted to require MFA on non-Intune devices, would I exclude or include in the MFA CA policy?
- mikhailf (Steel Contributor)
Hello AB21805,
"What would be the best way to get them registered?" - this should be the best way for you. If you have 30-40 users with a list of devices you can talk to each other and enroll all of them manually. If you have a local AD environment and all workstations connected to it, you can use a GPO to enroll workstations to AAD and Intune.
"I wanted to require MFA on non intune devices would I exclude or include in the MFA CA policy" -> there should be a policy that grants access, requires MFA, and is applied to devices that have the property "isCompliant Not equals True" AND "isCompliant Not equals False".
- AB21805 (Bronze Contributor)
Thanks!
As I am in the testing stage and most staff have not registered for MFA, if I set all Intune managed / work devices to not require MFA unless on a non-managed device, what would be the best way to get them registered?
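
Added example, not part of the original thread or any poster's configuration: the goal in the question (no MFA only on a work device in the office) written as policy bodies in the shape of Microsoft Graph's conditionalAccessPolicy, with a small evaluator showing why it takes two policies rather than one. Assumptions: `OFFICE` is a placeholder for the named location's id, work devices are identified with the `deviceOwnership` filter property mentioned in the reply above, and `applies` is a simplified model that handles a single `-eq` rule, not the real Conditional Access engine.

```python
import re

OFFICE = "OFFICE-NAMED-LOCATION-ID"  # placeholder for the trusted named location's id

def policy(name, exclude_locations=(), device_exclude_rule=None):
    """Build a policy body in the shape of Graph's conditionalAccessPolicy."""
    cond = {"users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "locations": {"includeLocations": ["All"],
                          "excludeLocations": list(exclude_locations)}}
    if device_exclude_rule:
        cond["devices"] = {"deviceFilter": {"mode": "exclude",
                                            "rule": device_exclude_rule}}
    return {"displayName": name, "state": "enabledForReportingButNotEnforced",
            "conditions": cond,
            "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}

WORK = 'device.deviceOwnership -eq "Company"'
# Conditions inside one policy are ANDed, so the goal needs two policies.
TWO = [policy("MFA outside the office", exclude_locations=[OFFICE]),
       policy("MFA on non-work devices", device_exclude_rule=WORK)]
# Tempting single policy: it only fires when BOTH exclusions miss.
ONE = [policy("MFA (combined)", [OFFICE], WORK)]

def applies(p, location, device):
    """Simplified model: handles only one `device.<prop> -eq "<value>"` rule."""
    c = p["conditions"]
    if location in c["locations"]["excludeLocations"]:
        return False
    f = c.get("devices", {}).get("deviceFilter")
    if f:
        prop, val = re.fullmatch(r'device\.(\w+) -eq "(.*)"', f["rule"]).groups()
        # Unregistered devices have no properties, so -eq never matches them.
        if device.get(prop) == val:
            return False
    return True

def mfa_required(policies, location, device):
    # Every policy that applies is enforced; one requiring MFA is enough.
    return any(applies(p, location, device) for p in policies)

if __name__ == "__main__":
    work, byod = {"deviceOwnership": "Company"}, {}  # constructed sample devices
    for loc in (OFFICE, "HOME"):
        for label, dev in (("work", work), ("personal", byod)):
            print(loc, label, mfa_required(TWO, loc, dev), mfa_required(ONE, loc, dev))
```

The policies are built in report-only state (`enabledForReportingButNotEnforced`), which fits a testing stage where most users have not yet registered for MFA.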