Apr 21 2022 08:59 AM
Hi fellow members
I work in a highly regulated organisation where we DO NOT allow unmanaged devices access to any of our Azure/M365 services. We use both Azure conditional access and tenant restrictions, among other methods, to secure our environment this way.
However we are in the process of enabling Azure virtual desktop (AVD) and we DO want some users to be able to use this from an unmanaged device and only in this scenario.
Our tenant is pre-August 2020, so currently we still use the old MFA/SSPR workflows. We cannot enable combined registration for all, so we are using the scoped combined registration user feature in AAD.
We find that, since enabling combined registration, one of our CA policies is blocking access for a user to register their security information, either from the legacy workflows or using the combined registration experience.
Using the user action "Register security information" to allow from all locations also doesn't seem to work.
We cannot make any exceptions or remove the conditional access policy, which, BTW, prevents unmanaged devices from accessing. We do have another CA policy which does allow AVD from an unmanaged device but mandates MFA. That works great until we force the user to register SSPR security information.
Is anyone aware of any other options that could help address this in this scenario?
Many Thanks
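One way to find out which policy is actually blocking the registration attempt, added here as an example and not part of the original post or of anything Microsoft ships: read the affected user's recent sign-in events from Microsoft Graph and list the Conditional Access policies that were applied and failed, then cross-check the tenant's enabled policies for the ones that either target the "Register security information" user action or apply to all cloud apps and require a compliant or hybrid-joined device. It assumes the Microsoft Graph PowerShell SDK modules are installed, an account that can consent to the read-only scopes used, and a placeholder UPN that must be replaced. The Graph value `urn:user:registersecurityinfo` is the identifier Conditional Access uses for that user action.

```powershell
# Added example (not the poster's configuration): identify which Conditional Access
# policy blocks a user's security-information registration, read-only.
# Requires: Microsoft.Graph.Reports and Microsoft.Graph.Identity.SignIns modules.

$Upn = 'user@contoso.example'   # placeholder, replace with the affected user's UPN

Connect-MgGraph -Scopes 'AuditLog.Read.All','Directory.Read.All','Policy.Read.All' | Out-Null

# 1. Recent sign-ins for the user, showing every CA policy that failed.
$signIns = Get-MgAuditLogSignIn -Filter "userPrincipalName eq '$Upn'" -Top 25

foreach ($s in $signIns) {
    $failed = $s.AppliedConditionalAccessPolicies | Where-Object { $_.Result -eq 'failure' }
    if ($failed) {
        Write-Host ("{0}  app={1}  errorCode={2}" -f $s.CreatedDateTime, $s.AppDisplayName, $s.Status.ErrorCode)
        foreach ($p in $failed) {
            # EnforcedGrantControls tells you whether it was the device requirement
            # or an MFA requirement that could not be satisfied.
            Write-Host ("    blocked by: {0}  (required: {1})" -f $p.DisplayName, ($p.EnforcedGrantControls -join ','))
        }
    }
}

# 2. Enabled policies that can reach the registration flow: either they target the
#    'Register security information' user action explicitly, or they cover all apps
#    and demand a managed device, which unmanaged AVD users cannot satisfy.
$policies = Get-MgIdentityConditionalAccessPolicy -All | Where-Object { $_.State -eq 'enabled' }

foreach ($p in $policies) {
    $apps     = $p.Conditions.Applications
    $controls = $p.GrantControls.BuiltInControls
    $targetsRegistration = $apps.IncludeUserActions -contains 'urn:user:registersecurityinfo'
    $allApps             = $apps.IncludeApplications -contains 'All'
    $needsManagedDevice  = ($controls -contains 'compliantDevice') -or ($controls -contains 'domainJoinedDevice')

    if ($targetsRegistration -or ($allApps -and $needsManagedDevice)) {
        [pscustomobject]@{
            Policy             = $p.DisplayName
            TargetsRegistration = $targetsRegistration
            AllCloudApps       = $allApps
            GrantControls      = ($controls -join ',')
            Operator           = $p.GrantControls.Operator
            ExcludedLocations  = ($p.Conditions.Locations.ExcludeLocations -join ',')
        }
    }
}
```

The first list is the authoritative answer for a given attempt: the policy names under "blocked by" are what Azure AD evaluated, regardless of what the portal's "What If" tool suggests. The second list is useful for spotting the common cause of this symptom, a tenant-wide policy with "All cloud apps" and a device requirement, which also applies to the combined registration portal unless that policy excludes the user action or the user.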