cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exclude SharePoint Online from Azure Multi-factor authentication

jsb81
Copper Contributor

‎Sep 23 2019 03:41 AM

‎Sep 23 2019 03:41 AM

Exclude SharePoint Online from Azure Multi-factor authentication

Hi All,

 

I have setup a conditional access policy to enable MFA for Microsoft Dynamics 365 but Exclude SharePoint Online but the policy does not work as im prompted to enter the PIN for SharePoint Online.

 

Below are the steps i have performed and not sure what I have missed.

 

Office 365 - enabled MFA for user account

MFA_Enabled_Office365.JPG

 

Include_Dynamics.JPG

 

Exclude_SharePoint.JPG

 

Require_MFA.JPG

 

Thanks

Jag

Labels:
3,159 Views
0 Likes
5 Replies
Reply
5 Replies
Tim Wolf

‎Sep 24 2019 02:18 AM

‎Sep 24 2019 02:18 AM

Re: Exclude SharePoint Online from Azure Multi-factor authentication

Hi @jsb81,

 

have you tried the "What If" tool of Azure to check which CA policies apply to your login situation? Make sure there's no other CA policy forcing MFA.

0 Likes
Reply
jsb81

‎Sep 24 2019 02:48 AM

‎Sep 24 2019 02:48 AM

Re: Exclude SharePoint Online from Azure Multi-factor authentication

@Tim Wolf  Yeah the correct policy applies as shown below.

 

Whatif.jpg

0 Likes
Reply
Tim Wolf

‎Sep 24 2019 04:09 AM

‎Sep 24 2019 04:09 AM

Re: Exclude SharePoint Online from Azure Multi-factor authentication

@jsb81 Please choose Sharepoint Online and in a second screenshot your Dynamics app when using the What If tool. Currently you chose "Any cloud app".

0 Likes
Reply
jsb81

‎Sep 24 2019 04:49 AM

‎Sep 24 2019 04:49 AM

Re: Exclude SharePoint Online from Azure Multi-factor authentication

@Tim Wolf 

 No policy appears when i select SharePoint Online. 

 

So by default should MFA be enabled on the user account or the conditional access Policy will enforce MFA based rules setup on the policy?

 

WhatifSP.jpg

0 Likes
Reply
Tim Wolf

‎Sep 26 2019 12:45 AM - edited ‎Sep 26 2019 12:46 AM

‎Sep 26 2019 12:45 AM - edited ‎Sep 26 2019 12:46 AM

Re: Exclude SharePoint Online from Azure Multi-factor authentication

@jsb81 Ah. So you setup MFA on the user account as well as forcing it via CA policy? Then this is why you are prompted in SPO (haven't tested it, but makes sense to me). If you remove MFA from the user account, CA policy will force MFA only on the conditions you chose.

0 Likes
Reply