Hi there,

a customer of us is in a pilot period of utilizing a 3rd party federation service. To be exact the FortiAuthenticator is installed On-Premises and should handle the MFA process.

So we already changed the domain status with Set-MsolDomainAuthentication to federated for a specific domain.

The customer and we know that there are certain limitations regarding conditional access.
But I don't find a solid documentation about this. Is no conditional access possible at all, or just regarding conditional access policies enforcing MFA?

The goal would be (if possible) that a user should meet the compliant device or hybrid joinded device state after he authenticated with the FortiAuthenticator.

Thanks in advance.

Kind regards,
woelki