question

wick111 avatar image
0 Votes"
wick111 asked ·

Conditional Access policy to require one of two MFA options?

We have Duo mfa configured and in use in our org. Duo works just fine as an mfa provider for Azure AD auth. We've been told my MS that a CA rule can be set to require Duo or MS mfa during auth. Has anyone actually tested this out and can describe the expected user workflow with this type of rule?

THX> Eric

azure-ad-multi-factor-authentication
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

soumi-MSFT avatar image
0 Votes"
soumi-MSFT answered ·

@wick111, Yes, it works. When you configure more than one MFA provider in Azure, all those MFA providers do get listed in the section Access Controls --> Grant, while creating a Conditional Access Policy.

You can refer to the screenshot below for more info:

4074-requireduomfa.png

I also stumbled upon the following article from DUO, which speaks about configuring the Conditional Access Policy in Azure For DUO. You can refer this article too.
https://duo.com/docs/azure-ca

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as "Answer" if the above response helped in answering your query.






requireduomfa.png (42.8 KiB)
· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

WuichnerEric-9492 avatar image
0 Votes"
WuichnerEric-9492 answered ·

@soumi-msft

Thanks for your reply. I was able to accomplish what you outlined but what i want to do is put option of using MS or DUO MFA in same policy. Someone at MS once told me you could do this successfully but i am unable to actually make it work in an OR manner for an end user. This is the config I'm seeking any additional insights on.

THX> Eric

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.