Forum Discussion
tcboeira
Aug 11, 2022 | Brass Contributor
MFA - Exclusive user exempted from using MFA
Hello good afternoon! First of all, sorry if the language is not clear. I'm using an online translator to help me... Well, I looked like, based a lot on what I saw in official courses but I th...
Kidd_Ip
Aug 13, 2022 | MVP
You can apply more conditions to 'some excused users', say by computer, mobile object, user and group.
tcboeira
Aug 16, 2022 | Brass Contributor
Hello friends,
Very good morning!
Well, really, I confirm that the main action of Conditional Access rules is applied "from" a place "on" users, even though we are apparently manipulating users.
In this way, I used the idea of Jonathan_Reed as a starting point to build my solution. How I did it:
1.1) I created one rule, saying that for all users accessing from a location, accessing cloud applications, MFA is required, except those I don't want to use MFA.
1.2) For those who don't want to use MFA, I've disabled this setting;
2) A second rule, as a guarantee, that the users who don't use MFA can only log in from a single location.
In testing, this was the closest I got to the desired result. In fact, what was desired was for MFA to be mandatory without exceptions, but this type of situation always arises in which management lacked a firm grip.
And Kidd_Ip, I would really like to be able to mitigate better, for example by determining that he can only use "that" computer, with that operating system, with a specific version, etc. But I understand (and I could be wrong, so feel free to correct me) that in my case we are only Office 365 contractors, which means I am not able to collect this data from users' devices or even define these.
But I ask: is it possible?
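The two-rule design described in the post above, written as Microsoft Graph PowerShell. This is an added example, not code from the thread. It assumes the exempt accounts are collected in a security group (the post does not say how they were selected) and that rule 1 covers all locations; the group id, display names and IP range are constructed placeholders.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
# Group id, display names and CIDR range below are constructed placeholders.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$exemptGroupId = '<object-id-of-mfa-exempt-group>'   # placeholder (assumption: a group holds the exempt users)

# The single location the exempt accounts may sign in from (documentation IP range).
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Exempt-accounts-site'
    isTrusted     = $false
    ipRanges      = @(@{
        '@odata.type' = '#microsoft.graph.iPv4CidrRange'
        cidrAddress   = '203.0.113.0/24'
    })
}

# Rule 1: MFA for all users on all cloud apps, except the exempt group.
$requireMfa = @{
    displayName   = 'Require MFA - all users except exempt group'
    state         = 'enabledForReportingButNotEnforced'   # report-only while testing
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All'); excludeGroups = @($exemptGroupId) }
        applications   = @{ includeApplications = @('All') }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

# Rule 2 (the "guarantee"): block the exempt group everywhere except that one location.
$blockElsewhere = @{
    displayName   = 'Block exempt group outside approved location'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeGroups = @($exemptGroupId) }
        applications   = @{ includeApplications = @('All') }
        locations      = @{ includeLocations = @('All'); excludeLocations = @($location.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

foreach ($policy in $requireMfa, $blockElsewhere) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object DisplayName, State, Id
}
```

Both policies are created in report-only mode so their effect on the exempt accounts can be reviewed in the sign-in logs before the state is changed to `enabled`.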