BigSaveDave-5621 asked yannara answered

Azure MFA Conditional Access Policy results

Hello! I'm almost done configuring my conditional access test and I want to confirm I'm reading the Sign-In logs correctly, specifically the Conditional Access Policy Results. I've added screenshots below.

My policy: For all locations except the corporate network, prompt for MFA. I currently have it set up for one user only when logging into office.com.

The first image shows the sign-in log's Location Tab. It shows the Trusted Network listed. However, the second image (same Sign-In Log) shows the Conditional Access evaluation fails at the Location with a "Not Matched" result.

The third image is a login off the corporate network. I used the cellular data on my personal phone. I was successfully prompted for MFA.

Shouldn't the Corporate Network login read "Matched" because the login came from the Trusted Network? I'm getting the desired result, but I'm worried I won't be reading the policy evaluations correctly when moving forward and adding more and more policies.


120740-nomfa-trustednetwork.png


120806-nomfa-details-trustednetwork.png


120807-mfa-details-notrustednetwork.png


Tags: azure-active-directory, azure-ad-multi-factor-authentication, azure-ad-conditional-access

1 Answer

yannara answered

So in the second picture, did you get an MFA prompt?

I was investigating MFA and Cond Access due to the MS-500 certification, and I remember it has slightly odd logic, since "Failure" actually means the CA denies the access and "Not Applied" means the CA is not applied due to its policy config and does not match for the authorization which should happen. Also remember that for a Known Location you should specify the WAN IP range, not LAN (NAT).

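The evaluation discussed in this thread, as an added example that is not part of the original posts and not Microsoft's implementation: a simplified model of a policy scoped to "all locations except the trusted network", showing why a sign-in from the trusted network reads "Not Matched" on the location condition, and what changes if the trusted location is defined with a LAN range. The IP ranges, sign-in records and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation IP ranges stand in for real addresses.
TRUSTED_WAN = ["203.0.113.0/24"]  # assumed public egress range of the corporate network
TRUSTED_LAN = ["10.0.0.0/8"]      # internal NAT range, never seen by the identity provider

def location_condition(client_ip, excluded_ranges):
    """Policy scope is 'all locations except the trusted ones'.
    The condition matches only when the sign-in IP is outside every excluded range."""
    ip = ipaddress.ip_address(client_ip)
    in_excluded = any(ip in ipaddress.ip_network(r) for r in excluded_ranges)
    return "Not Matched" if in_excluded else "Matched"

def evaluate(sign_in, excluded_ranges):
    """Return the location-condition result and the overall policy result."""
    location = location_condition(sign_in["ip"], excluded_ranges)
    if location == "Not Matched":
        # Sign-in is outside the policy's scope, so no grant control is enforced.
        return {"location": location, "policy": "Not Applied", "mfa_required": False}
    # In scope: MFA is enforced; the result depends on the user completing it.
    policy = "Success" if sign_in["mfa_passed"] else "Failure"
    return {"location": location, "policy": policy, "mfa_required": True}

# Constructed sign-ins: one from the corporate egress IP, one from a cellular network.
CORPORATE = {"ip": "203.0.113.25", "mfa_passed": False}
CELLULAR = {"ip": "198.51.100.7", "mfa_passed": True}

if __name__ == "__main__":
    for name, s in (("corporate", CORPORATE), ("cellular", CELLULAR)):
        print(name, "/ WAN-defined trusted location:", evaluate(s, TRUSTED_WAN))
    # Trusted location defined with the LAN range: the corporate sign-in
    # arrives from its public IP, is not excluded, and falls into scope.
    print("corporate / LAN-defined trusted location:", evaluate(CORPORATE, TRUSTED_LAN))
```

In this model "Not Matched" on the location condition is the expected reading for an excluded network: the policy is out of scope for that sign-in, so it is reported as not applied rather than as a failure.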