Conditional Access on user level or CA rules

Tom Meeus 141 Reputation points
2022-09-15T09:24:53.893+00:00

Hello,

I'm at the moment securing my tenant's MFA via Conditional Access rules.
I see you can setup MFA from the url https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx (admin center and also set Trusted locations)
On the other hand you can also set trusted locations via Conditional Access.

Now the question is wish one of the two will have the upperhand? The CA or The MFA settings?
Do i need to enable trusted locations in CA and in Azure url shown above?

I got a user that logs in that gets the question to "add a phone number to keep the account safe", i don't want that.

Kind regards,

Tom

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,471 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 104.3K Reputation points MVP
    2022-09-15T09:34:17.973+00:00

    If you already have the necessary licensing, go with CA policies. They offer a lot more flexibility, and this is where Microsoft is making future improvements. The per-user MFA settings will eventually be deprecated.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.