ADFS 2019 | Multiple ADFS providers, proofup page

Robbert-Jan van Nugteren 10 Reputation points
2023-01-31T15:03:07.5666667+00:00

In our environment we need to offer two different MFA providers for employees (Thales) and students (Azure MFA). The selection based on group membership is working, but we ran into an issue with Azure MFA for students.

When students do not have a method enrolled in Azure, they need to proof up using the https://aka.ms/mfasetup page. But students need to sign in to this page, so the student is redirected to ADFS and MFA is forced by AdditionalAuthenticationRules. Is it possible to exclude the proofup page from MFA?

If Azure is being used to enforce MFA (Conditional Access Policies), the page is excluded from MFA. So it seems to be possible?


1 answer

  1. Mark Morowczynski 251 Reputation points Microsoft Employee
    2023-01-31T20:26:18.0333333+00:00

    If you are enforcing MFA on the RP, which it sounds like you are, then you cannot exclude that one page on the ADFS side. You would need to stop enforcing it there and use something like Conditional Access in AAD to apply that MFA. Another option is to use TAP: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass. This code would be used against Azure AD directly and would allow them to register for Azure MFA.

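To make the two positions in this thread concrete, here is an added PowerShell example (not code from the question, the answer, or Microsoft) showing the group-scoped AdditionalAuthenticationRules setup the question describes and the "move enforcement to Azure AD" change the answer recommends. The relying party name, group SID and domain name are placeholders; the claim types and cmdlets are the standard ADFS and MSOnline ones.

```powershell
# Added example, not from the thread. Placeholders: RP name, group SID, domain.
$rpName   = "Microsoft Office 365 Identity Platform"   # assumed RP display name
$students = "S-1-5-21-0-0-0-1001"                       # placeholder student group SID

# 1. Inspect what the RP enforces today. AdditionalAuthenticationRules is
#    evaluated per relying party and only sees claims (user, group SIDs, client
#    IP, insidecorporatenetwork, device). There is no claim carrying the page the
#    user is heading to, which is why a single page such as the MFA registration
#    page cannot be carved out on the ADFS side.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, AdditionalAuthenticationRules

# 2. The group-scoped rule the question describes: require MFA for students only.
#    Issuing the multipleauthn authenticationmethod claim makes ADFS demand the
#    configured additional authentication provider for that RP.
$studentMfaRule = @"
@RuleName = "Require MFA for students"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
   Value == "${students}"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
"@
Set-AdfsRelyingPartyTrust -TargetName $rpName -AdditionalAuthenticationRules $studentMfaRule

# 3. The answer's option: stop enforcing MFA for this RP in ADFS (clearing the
#    rule set; $null is assumed to clear it) ...
Set-AdfsRelyingPartyTrust -TargetName $rpName -AdditionalAuthenticationRules $null

# ... and tell Azure AD that the federated IdP does not perform MFA, so that
#     Conditional Access enforces it and can exclude the registration flow
#     (the behaviour the question observed when Azure enforces MFA).
Connect-MsolService
Set-MsolDomainFederationSettings -DomainName "school.example" -SupportsMfa $false
```

Re-run step 1 afterwards to confirm the RP no longer carries an MFA rule before relying on Conditional Access; otherwise students can be prompted twice, once by ADFS and once by Azure AD.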