Jul 08 2019 - last edited on Jul 27 2020
1. MFA only when users access Azure Admin Portal
2. MFA only when users access Office 365 Admin Portal
3. The same must not go through MFA on other apps/services like Outlook, Teams, etc.
4. Also, what can I do in the situation when the MFA service is not available? I prefer using CA (Conditional Access) for this, as the same admin who is supposed to do MFA while logging on to any one of these Admin Portals; however, in case the MFA service has an issue or is not available for some reason, how or what configuration can I keep in place beforehand and do the minimum to quickly avoid the MFA prompt?
Jul 08 2019 06:16 AM
Jul 08 2019 07:19 AM
Jul 08 2019 09:10 AM
You cannot target specific O365 portals/endpoints with CA policies; the best you can do is target the Azure ones, as detailed here: https://docs.microsoft.com/en-us/azure/role-based-access-control/conditional-access-azure-management
As for a "bypass" option, I prefer using "known IPs"/"trusted locations": https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition#truste...
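
The setup described in the reply above, as an added example that is not part of the original thread or of Microsoft's documentation: a Conditional Access policy body for Microsoft Graph that requires MFA for the "Microsoft Azure Management" app and excludes trusted locations, plus a simplified local model of how it applies to sign-ins. The trusted IP range, the sample sign-ins and the `mfa_required` helper are constructed for illustration.

```python
import ipaddress
import json

# Well-known app ID of "Microsoft Azure Management" (portal, ARM, CLI, PowerShell).
AZURE_MANAGEMENT_APP_ID = "797f4846-ba00-4fd7-ba43-dac1f8f63013"

# Constructed: ranges of named locations marked as trusted (documentation range).
TRUSTED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Request body for POST /identity/conditionalAccess/policies (Microsoft Graph v1.0).
POLICY = {
    "displayName": "Require MFA for Azure management (example)",
    "state": "enabledForReportingButNotEnforced",  # report-only until validated
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": [AZURE_MANAGEMENT_APP_ID]},
        "locations": {
            "includeLocations": ["All"],
            "excludeLocations": ["AllTrusted"],  # the "known IPs" bypass
        },
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}

def is_trusted(ip):
    """True if the source IP falls inside a trusted named location."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_RANGES)

def mfa_required(policy, app_id, ip):
    """Simplified model (assumption): outcome for one sign-in if the policy were enforced."""
    cond = policy["conditions"]
    apps = cond["applications"]["includeApplications"]
    if "All" not in apps and app_id not in apps:
        return False  # other apps (Outlook, Teams, ...) are out of scope
    excluded = cond["locations"].get("excludeLocations", [])
    if "AllTrusted" in excluded and is_trusted(ip):
        return False  # sign-in from a trusted location skips the MFA grant
    return "mfa" in policy["grantControls"]["builtInControls"]

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    # Constructed sign-ins: (application ID, source IP); the last app ID is a placeholder.
    for app, ip in [(AZURE_MANAGEMENT_APP_ID, "198.51.100.7"),
                    (AZURE_MANAGEMENT_APP_ID, "203.0.113.20"),
                    ("00000000-0000-0000-0000-00000000aaaa", "198.51.100.7")]:
        print(app, ip, "MFA" if mfa_required(POLICY, app, ip) else "no MFA")
```

Every sign-in from a trusted range skips the MFA requirement, so the ranges marked as trusted should be as narrow as the outage scenario allows.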