Forum Discussion
MFA set up so users don't need to authenticate every time at home or on work device
Hello AB21805,
"What would be the best way to get them registered?" - this should be the best way for you. If you have 30-40 users with a list of devices you can talk to each other and enroll all of them manually. If you have a local AD environment and all workstations connected to it, you can use a GPO to enroll workstations to AAD and Intune.
"I wanted to require MFA on non-Intune devices, would I exclude or include in the MFA CA policy" -> there should be a policy that grants access, requires MFA, and is applied to devices that have the property "isCompliant Not equals True" AND "isCompliant Not equals False".
- AB21805 | Feb 06, 2023 | Bronze Contributor
Hi mikhailf
So if I included all locations and excluded office ips:
Grant access but MFA
Also set filter for devices like so:
Will this then only ask those who are not on an Intuned company device for MFA when signing into all cloud apps?
- mikhailf | Feb 06, 2023 | Iron Contributor
With locations you are right. In this case, users who are connecting from office IPs will not be required to perform MFA.
For devices that are not enrolled in Intune, I would create an additional Conditional Access policy.
Grant + Require MFA for All devices that have property "isCompliant Not equals True" AND "isCompliant Not equals False".
- AB21805 | Feb 06, 2023 | Bronze Contributor
Hi,
Thanks for this. For the register part, I mean these users who are not MFA registered yet, so they have no authentication method set. What would be the best way to get them registered to MFA so they have a method registered? I was thinking of sending out: https://aka.ms/mfasetup
- mikhailf | Feb 06, 2023 | Iron Contributor
Check this one: Nudge users to set up Microsoft Authenticator - Azure Active Directory - Microsoft Entra | Microsoft Learn
This is under AAD -> Security -> Authentication methods -> Registration campaign
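The two policies described in this thread, written out with Microsoft Graph PowerShell (an added example, not posted by either participant). It assumes the Microsoft.Graph.Identity.SignIns module and an existing named location holding the office IPs; `$officeLocationId`, the display names and the helper `New-MfaPolicyBody` are placeholders chosen here, and both policies are created in report-only mode so their effect can be checked in the sign-in logs first.

```powershell
# Added example: both Conditional Access policies from the thread, in report-only mode.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder (assumption): object ID of the named location that contains the office IP ranges.
$officeLocationId = '<office-named-location-id>'

# Hypothetical helper: settings shared by both policies
# (all users, all cloud apps, grant access but require MFA).
function New-MfaPolicyBody {
    param([string]$DisplayName, [hashtable]$ExtraConditions)
    $conditions = @{
        users          = @{ includeUsers = @('All') }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    foreach ($key in $ExtraConditions.Keys) { $conditions[$key] = $ExtraConditions[$key] }
    @{
        displayName   = $DisplayName
        state         = 'enabledForReportingButNotEnforced'   # report-only
        conditions    = $conditions
        grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
    }
}

# Policy 1: include all locations, exclude the office IPs.
$byLocation = New-MfaPolicyBody -DisplayName 'MFA - outside office IPs' -ExtraConditions @{
    locations = @{ includeLocations = @('All'); excludeLocations = @($officeLocationId) }
}

# Policy 2: device filter in include mode, using the rule quoted in the thread.
$byDevice = New-MfaPolicyBody -DisplayName 'MFA - device filter from thread' -ExtraConditions @{
    devices = @{
        deviceFilter = @{
            mode = 'include'
            rule = 'device.isCompliant -ne True -and device.isCompliant -ne False'
        }
    }
}

# Create both policies and list what was created.
foreach ($body in @($byLocation, $byDevice)) {
    $policy = New-MgIdentityConditionalAccessPolicy -BodyParameter $body
    '{0}  {1}  {2}' -f $policy.Id, $policy.State, $policy.DisplayName
}
```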