Dec 17 2018 11:38 AM - last edited on Jan 14 2022 05:21 PM by TechCommunityAP
Hi all,
We enabled Office 365 MFA in our organization (we have E1 licensing). We recently discovered that Microsoft enabled Azure Conditional Access for us, where we can let the users work without entering their MFA code every time they are requested.
The problems we face are:
We need a way to migrate our users as smoothly as possible, with as little user interaction as possible.
As one user told me: "I want to know that when I start my computer it works without me setting up anything."
Any help would be appreciated.
Dec 17 2018 12:17 PM
Dec 17 2018 12:59 PM
Well, we were able to set up Conditional Access to some extent: we were able to disable Office MFA for a user and set that user up with Conditional Access, and it works pretty well.
My question is whether there is any way to migrate the user to Conditional Access without a lot of user intervention, mainly re-setting the user's second authentication device.
Dec 17 2018 01:05 PM
Dec 17 2018 01:19 PM
Dec 17 2018 08:56 PM
Your users will always have to be configured for MFA. Depending on your wishes, you can define your Conditional Access, but your users need to have their MFA set up.
Dec 17 2018 09:11 PM
Dec 17 2018 09:14 PM
Do you mean Office 365 MFA?
Office 365 MFA and Conditional Access use the same MFA service, Azure MFA. So if you enable Conditional Access, it will use the same configuration for the users that have already configured their additional authentication. So, since it is the same MFA, it should not ask to reset the device setup.
Dec 17 2018 10:22 PM
So if we enabled MFA through Office 365 and then added the user to Azure Conditional Access, this should work? I don't need to do anything else?
Dec 18 2018 05:34 AM
Yes. There shouldn't be any issues since it is the same MFA Service.
Dec 20 2018 05:40 AM - edited Dec 20 2018 01:12 PM
My question was incomplete in the first place.
Right now our users are required to enter an MFA code every month per the Office 365 MFA policy.
I want them to use Conditional Access. My policy looks like this:
Here is my problem: If I just add a user to CA, the MFA prompt will continue on another Hybrid computer (AzureADPRT is set to YES under SSO state on all domain devices). If I add the user to CA and disable Office 365 MFA, the phone information will be saved but the user will still be prompted for registration.
Sorry for the confusion...
Dec 24 2018 11:54 AM