Jul 08 2019 06:06 AM - last edited on Jul 27 2020 06:53 PM by TechCommunityAP
1. MFA only when users access Azure Admin Portal
2. MFA only when users access Office 365 Admin Portal
3. The same users must not go through MFA on other apps/services like Outlook, Teams, etc.
4. Also, what can I do in the situation when the MFA service is not available? I prefer using CA (Conditional Access) for this, as the same admin who is supposed to do MFA while logging on to any one of these Admin Portals; however, in case the MFA service has an issue or is not available for some reason, how, or what configuration, can I keep in place beforehand and do the minimum to quickly avoid the MFA prompt?
Jul 08 2019 06:16 AM
Jul 08 2019 07:16 AM
No, that doesn't work. As shown, I did a simple test: configured a policy, selected a user, set it to require MFA for all cloud apps but excluded two, Exchange Online and Teams, and kept getting prompted for MFA on those two every time.
Jul 08 2019 07:19 AM
Jul 08 2019 09:10 AM
You cannot target specific O365 portals/endpoints with CA policies; the best you can do is target the Azure ones, as detailed here: https://docs.microsoft.com/en-us/azure/role-based-access-control/conditional-access-azure-management
As for a "bypass" option, I prefer using "known IPs"/"trusted locations": https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition#truste...
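
The approach in the reply above (MFA scoped to Azure management, with trusted locations as the bypass), sketched as an added example that is not part of the original thread. It assumes the Microsoft Graph PowerShell SDK is installed; the admin group ID is a placeholder, and the policy name is made up for illustration.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph PowerShell module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All','Application.Read.All'

# Placeholder (assumption): object ID of a group that contains your admin accounts.
$adminGroupId = '<admin-group-object-id>'

$policy = @{
    # Hypothetical display name.
    displayName = 'Require MFA for Azure management - admins'

    # Report-only first: sign-in logs show what the policy would do,
    # without prompting anyone, until you switch state to 'enabled'.
    state = 'enabledForReportingButNotEnforced'

    conditions = @{
        users = @{
            includeGroups = @($adminGroupId)
        }
        applications = @{
            # App ID of the "Microsoft Azure Management" cloud app
            # (Azure portal, ARM, Azure PowerShell/CLI). Outlook, Teams and
            # other apps are not in scope, so this policy does not prompt there.
            includeApplications = @('797f4846-ba00-4fd7-ba43-dac1f8f63013')
        }
        locations = @{
            # Applies everywhere except named locations marked as trusted,
            # which is the "known IPs" bypass suggested in the reply.
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')
        }
    }

    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

The trusted-location exclusion matches on the public egress IP that Azure AD sees, so it only helps if the named location contains the addresses traffic actually leaves from.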
Jul 12 2019 01:18 AM
So it is clear: if it is not possible to configure Azure MFA for Admin Portals only, how would you recommend using trusted IPs for devices behind a cloud-based proxy?