0 Votes
Alex-5595 asked ·

Conditional Access - Require Trusted Device OR Trusted Location AND MFA

Hello, I'm struggling to create a Conditional Access rule that should be:

Require Trusted Device OR Trusted Location AND MFA

Maybe I just don't see how it works, can somebody help me?

azure-active-directory azure-ad-conditional-access

1 Answer

0 Votes
vipulsparsh-MSFT answered ·

@Alex-5595 You can test the following policy to verify if it meets your requirement.
It would be easier if you have 2 different policies for this.


1) Require Trusted Locations - Condition

[screenshot: 77104-image.png]

Followed by MFA under grant

[screenshot: 77151-image.png]

2) Require Trusted Devices (If you mean compliant and Hybrid AD Joined)

[screenshot: 77137-image.png]

Under Grant

[screenshot: 77172-image.png]

Please do test them and let us know if it helped.


Hi, we tried it now with two CAs, but in your second you exclude the Device states and in Grant you require them, or was it a mistake?

0 Votes 0 ·

@Alex-5595 Yeah, it was a mistake. As you wanted MFA in any case, it should be set to Any device state.

0 Votes 0 ·
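A way to check a two-policy design against the requirement before enabling it, as an added example that is not part of the original thread or the answerer's configuration. It assumes the requirement reads as (trusted device OR trusted location) AND MFA, which the thread does not settle, and the policy names, the simplified evaluator and the sign-in model are constructed; only the field names follow the Microsoft Graph `conditionalAccessPolicy` shape.

```python
from itertools import product

DEVICE = ["compliantDevice", "domainJoinedDevice"]  # compliant / hybrid joined

# Constructed policies, trimmed to location conditions and grant controls.
POLICIES = [
    {"displayName": "CA01 - MFA for every sign-in (hypothetical name)",
     "conditions": {"locations": {"includeLocations": ["All"],
                                  "excludeLocations": []}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "CA02 - Trusted device outside trusted locations",
     "conditions": {"locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"operator": "OR", "builtInControls": DEVICE}},
]

def location_matches(names, signin):
    return "All" in names or ("AllTrusted" in names and signin["trusted_location"])

def applies(policy, signin):
    loc = policy["conditions"]["locations"]
    return (location_matches(loc["includeLocations"], signin)
            and not location_matches(loc["excludeLocations"], signin))

def satisfied(policy, signin):
    grant = policy["grantControls"]
    hits = [c in signin["controls"] for c in grant["builtInControls"]]
    return any(hits) if grant["operator"] == "OR" else all(hits)

def access_granted(signin, policies=POLICIES):
    # Every policy whose conditions match the sign-in must be satisfied.
    return all(satisfied(p, signin) for p in policies if applies(p, signin))

def intended(signin):
    # Assumed reading: (trusted device OR trusted location) AND MFA.
    trusted_device = bool(set(DEVICE) & signin["controls"])
    return (trusted_device or signin["trusted_location"]) and "mfa" in signin["controls"]

def mismatches(policies=POLICIES):
    # Walk the full truth table and collect sign-ins where the policy set
    # and the intended rule disagree.
    bad = []
    for trusted_loc, *flags in product([False, True], repeat=4):
        controls = {c for c, on in zip(["mfa"] + DEVICE, flags) if on}
        signin = {"trusted_location": trusted_loc, "controls": controls}
        if access_granted(signin, policies) != intended(signin):
            bad.append(signin)
    return bad

if __name__ == "__main__":
    print("sign-ins where the policies and the intent disagree:", mismatches())
```

An empty list means the policy set matches the intended rule for every combination of location, MFA and device state in this model.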