Event banner
Event details
If we have public (internet) facing web apps that only corporate Entra ID users access, and we want to MFA users that access the sites, is Entra Private access the best tool or should we look at Entra Internet Access
Thanks for participating in today's AMA: Microsoft Entra Internet Access and Microsoft Entra Private Access! For reference, the panel covered this topic at around 33:00.
- If you already host that web application in Azure, and users are already authenticating with Entra ID, you can use conditional access policies to enforce MFA.
- I can't see how that can be done? The web app is in Azure and users are authenticating with Entra ID. I want users to only MFA when they access this app and not get MFA'd on a regular basis if I just required them to MFA on any app via CA
- You can target the application resource (which needs to be registered to use Azure AD/Entra ID authentication) in a conditional access policy, or if your team is the developer of the application, it can be handled directly in the application by requiring an MFA claim for authentication. Here are links to reference documentation for either method: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps and https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-conditional-access-dev-guide
