Forum Discussion
MFA set up so users dont need to authenticate every time at home or on work device
Hello AB21805 ,
"authenticate when using MFA when not using a work device" -> you can build a CA policy using Filter for Devices under Conditions. Choose DeviceOwnership or TrustType. Pay attention that devices should be enrolled in Intune or AzureAD.
"when a member of staff is at home on their work device" -> use Named Locations to set locations where you require MFA.
- also if I wanted to require MFA on non intune devices would I exclude or include in the MFA CA policy?
Hello AB21805,
"What would be the best way to get them registered?" - this should be the best way for you. If you have 30-40 users with a list of devices you can talk to each other and enroll all of them manually. If you have a local AD environment and all workstations connected to it, you can use a GPO to enroll workstations to AAD and Intune.
"I wanted to require MFA on non intune devices would I exclude or include in the MFA CA policy" -> there should be a policy that Grant Access, Requires MFA, and applied for devices that have property "isCompliant Not equals True" AND "isCompliant Not equals False".
- Thanks!
As I am in testing stage and not most staff have registered for MFA, if I set all intune managed / work devices to not require MFA unless on a non managed device. What would be the best way to get them registered?
