CMG sign-ins interactive vs non-interactive

%3CLINGO-SUB%20id%3D%22lingo-sub-2199657%22%20slang%3D%22en-US%22%3ECMG%20sign-ins%20interactive%20vs%20non-interactive%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2199657%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20is%20ConfigMgr%20client%20using%20interactive%20and%20when%20it%20is%20using%20non-interactive%20sign-ins%20to%20CMG%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20using%20non-interactive%20sign-ins%20to%20the%20CMG%20app%3A%20The%20sign-in%20log%20i%20AAD%20shows%20the%20Device%20ID.%20From%20the%20sign-in%20info%20we%20can%20make%20a%20conditional%20access%20policy%20to%20make%20it%20skip%20MFA.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20using%20interactive%20sign-ons%20to%20the%20CMG%20app%3A%20The%20sign-log%20contains%20no%20info%20about%20the%20device%2C%20so%20we%20cannot%20make%20a%20conditional%20access%20policy%20that%20skips%20MFA.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPerhaps%20I'm%20just%20missing%20some%20documentation%20about%20CMG%20and%20MFA%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20a%20lot!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Senior Member

When is ConfigMgr client using interactive and when it is using non-interactive sign-ins to CMG? 

 

When using non-interactive sign-ins to the CMG app: The sign-in log i AAD shows the Device ID. From the sign-in info we can make a conditional access policy to make it skip MFA.  

When using interactive sign-ons to the CMG app: The sign-log contains no info about the device, so we cannot make a conditional access policy that skips MFA. 

 

Perhaps I'm just missing some documentation about CMG and MFA? 

 

Thanks a lot!

0 Replies