Question from boredhexagram, 2023-03-31 (https://community.spiceworks.com/t/mfa-conditional-access-question/949305/1):

We have implemented conditional access policies and have set up named locations for our office locations. Users accessing company resources from these locations are not prompted for multi-factor authentication (MFA). This works great.

However, we have received feedback from several users that when they are working at home, instead of receiving the MFA thing once daily (which is how we have it set), they need to log in to each app, i.e. Word, Outlook, Teams, OneDrive, Power BI… and sometimes you only have to log in to Outlook and then they all work. Long and short, there is no rhyme or reason, but it's a pain in the a$$.

Additionally, we would like to know if it is possible to designate a device as “trusted,” such as a company-issued laptop, which would not require MFA, while personal devices would still require MFA for accessing company resources.

Anyone know if this is possible? It is working as it's supposed to; however, when end users have to MFA, it's asking way too many times in way too many apps.
Answer from michev, 2023-04-01 (https://community.spiceworks.com/t/mfa-conditional-access-question/949305/2):

Sure, you can use Filter for devices to target specific devices, as detailed here: Filter for devices as a condition in Conditional Access policy - Microsoft Entra ID | Microsoft Learn

Make sure to also cover the last section in the article, as there are some caveats detailed therein.

Answer:

You can use company-devices which are Hybrid-Joined or AzureAD-Joined:

What is a hybrid Azure AD joined device? - Microsoft Entra | Microsoft Learn

What is an Azure AD joined device? - Microsoft Entra | Microsoft Learn
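
The two answers above (a device filter, and hybrid or Azure AD joined company devices) can be combined in one policy. The following is an added example, not part of the thread or of Microsoft's documentation; it uses Microsoft Graph PowerShell. The display name, the "All users / All apps" scope, the assumption that the office named locations are marked as trusted, and the one-day sign-in frequency (taken from the question's "once daily") are assumptions.

```powershell
# Added example: Conditional Access policy that requires MFA outside trusted
# locations, except on hybrid joined or Azure AD joined (company) devices.
# Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

$policy = @{
    # Assumed display name; pick one that fits your naming scheme.
    displayName = "EXAMPLE - MFA for non-company devices outside trusted locations"
    # Report-only: the policy is evaluated and logged but not enforced.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All") }            # assumed scope
        applications   = @{ includeApplications = @("All") }     # assumed scope
        clientAppTypes = @("all")
        locations      = @{
            includeLocations = @("All")
            # Assumes the office named locations are marked as trusted.
            excludeLocations = @("AllTrusted")
        }
        devices        = @{
            deviceFilter = @{
                # Devices matching the rule are excluded from this policy.
                mode = "exclude"
                # ServerAD = hybrid joined, AzureAD = Azure AD joined.
                rule = 'device.trustType -eq "ServerAD" -or device.trustType -eq "AzureAD"'
            }
        }
    }
    grantControls   = @{ operator = "OR"; builtInControls = @("mfa") }
    sessionControls = @{
        # One reauthentication per day, as described in the question.
        signInFrequency = @{ value = 1; type = "days"; isEnabled = $true }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Personal devices that are only registered (trustType "Workplace") or unknown to the directory do not match the exclude rule, so they still get the MFA requirement. Check the report-only results in the sign-in logs before changing `state` to `enabled`.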