question

Alex-5595 avatar image
0 Votes"
Alex-5595 asked ·

Conditional Access - Require Trusted Device OR Trusted Location AND MFA

Hello i'm struggling about to create a Conditional Access Rule what should be

Require Trusted Device OR Trusted Location AND MFA

Maybe I just don't see how it works, can somebody help me?

azure-active-directoryazure-ad-conditional-access
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered ·

@Alex-5595 You can test the following policy to verify if it meets your requirement.
It would be easier if you have 2 different policy for this.


1) Require Trusted Locations - Condition
77104-image.png


Followed by MFA under grant

77151-image.png



2) Require Trusted Devices (If you mean compliant and Hybrid AD Joined)

77137-image.png

Under Grant

77172-image.png

Please do test them and let us know if it helped.




image.png (35.5 KiB)
image.png (24.2 KiB)
image.png (81.7 KiB)
image.png (69.4 KiB)
· 2 ·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Alex-5595 avatar image Alex-5595 ·

Hi we tried it now with two CAs but in your second? You exclude the Device states and in Grant you require them or was it a mistake?

0 Votes 0 ·
vipulsparsh-MSFT avatar image vipulsparsh-MSFT Alex-5595 ·

@Alex-5595 Yeah, it was a mistake, As you wanted MFA in any Case, It should be set to Any device State.

0 Votes 0 ·