I am integrating Azure AD and ISE 3.2 patch 5 version. Using azure credentials authentication and authorization was successful from ISE user was identified by their group. (Here when user is connected to SSID using azure login credential user will be authenticated)
Then I was going to integrate azure AD and Duo. The integration between azure and duo also successful. Also, I applied the conditional access policy if user sign in to previously registered app required duo MFA. But in azure sign in log, it shows as the conditional policy not applied and sign in state as success.
But conditional policy is correctly configured I test with try to login to app using URL then it required Duo MFA. Here user will still authenticate using azure credentials without Duo MFA.
Between azure and ISE authentication protocol is ROPC and since ROPC is does not support MFA (Microsoft Authenticator) do we try with MFA with Duo integration will it work? Screenshot (177).png