Require managed device for MFA


Hi everyone,

I have to look for a way to block the ability to generate codes for MFA on unmanaged devices, but I am a bit stumped right now. I can't find anything in the documentation about whether it is possible or not.

Maybe a combination of CA and Intune?

Could be a language barrier on my side.

Has anyone else ever had this requirement?

Thank you for ideas and/or help!


1 answer

  1. Carlos Solís Salazar 16,351 Reputation points

    Thank you for asking this question on the Microsoft Q&A Platform.

    Try these steps:

    1. Open the Azure AD Portal and open the Directory (“Azure Active Directory”).
    2. Open “Security”.
    3. Open “MFA”.
    4. Click on “Additional cloud-based MFA settings”.
    5. The classic Active Directory / Office 365 Portal opens. Choose the desired allowed Authentication Methods under “Verification options”. Don’t forget to click on “Save”.


    Hope this helps!

    Accept Answer and Upvote if any of the above helped; this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.
