Sep 23 2019 03:41 AM
Hi All,
I have setup a conditional access policy to enable MFA for Microsoft Dynamics 365 but Exclude SharePoint Online but the policy does not work as im prompted to enter the PIN for SharePoint Online.
Below are the steps i have performed and not sure what I have missed.
Office 365 - enabled MFA for user account
Thanks
Jag
Sep 24 2019 02:18 AM
Hi @jsb81,
have you tried the "What If" tool of Azure to check which CA policies apply to your login situation? Make sure there's no other CA policy forcing MFA.
Sep 24 2019 02:48 AM
Sep 24 2019 04:09 AM
@jsb81 Please choose Sharepoint Online and in a second screenshot your Dynamics app when using the What If tool. Currently you chose "Any cloud app".
Sep 24 2019 04:49 AM
No policy appears when i select SharePoint Online.
So by default should MFA be enabled on the user account or the conditional access Policy will enforce MFA based rules setup on the policy?
Sep 26 2019 12:45 AM - edited Sep 26 2019 12:46 AM
@jsb81 Ah. So you setup MFA on the user account as well as forcing it via CA policy? Then this is why you are prompted in SPO (haven't tested it, but makes sense to me). If you remove MFA from the user account, CA policy will force MFA only on the conditions you chose.