Hi,
We control our MFA for users via Control Access. One policy is for External Device and Non-Complaint Device (In the conditions, Hybrid Join and Complaint are excluded). This so if anyone (even a Account on tenant) uses an 'unknown' device they will be prompted for MFA, which has s sign frequency of 12 hours
The problem (not really a problem in my eyes), the users have asked for MFA only to appear during setup of the Device for Outlook and Teams.
I excluded outlook for the first policy and create the same policy to only include Outlook and remove the sign frequency of 12 hours, This worked for the Outlook, got the MFA during adding the account to outlook.
Then I added teams to the second policy and excluded it from the first. I setup teams got the MFA prompt as expected, but the next I got the prompt for MFA for teams the next day, but not outlook, I did the same with Skype for Business (as I have with outlook and teams) included and excluded for the policy, the following days still got the MFA prompt for teams.
I know teams uses different services within MS365, would I also need to exclude SharePoint? some I really don't what to do.
