Exclude Intune apps from Conditional access/MFA

We have conditional access in place for all employees and we're about to join several 100 devices into MDM now through hybrid join AAD.

While testing, I discovered that MFA prevents enrollment in most real-life situations and I would like to disable MFA for this part.

I tried to add Intune and Intune enrollment to the excluded apps in the CA policy, but I can't save it; it's giving me an "Invalid session control" error.

Session control is set up with "Sign-in frequency" and "Persistent browser session". I don't understand what's invalid about this, can someone explain? Also, how can I fix this? Can I just set up another policy? But if I just copy everything from the first policy, the error will likely just show up again.

