Why conditional access policies not applied when try to sign in app in app registration in azure?

Question

I am integrating Azure AD and ISE 3.2 patch 5 version. Using azure credentials authentication and authorization was successful from ISE user was identified by their group. (Here when user is connected to SSID using azure login credential user will be authenticated)

Then I was going to integrate azure AD and Duo. The integration between azure and duo also successful. Also, I applied the conditional access policy if user sign in to previously registered app required duo MFA. But in azure sign in log, it shows as the conditional policy not applied and sign in state as success.

But conditional policy is correctly configured I test with try to login to app using URL then it required Duo MFA. Here user will still authenticate using azure credentials without Duo MFA.

Between azure and ISE authentication protocol is ROPC and since ROPC is does not support MFA (Microsoft Authenticator) do we try with MFA with Duo integration will it work? Screenshot (177).png

Answer 1

No still problem was not resolving. In their conditional policy apply while try to use with URL paste from the browser to registered app. But it comes as ROPC authentication protocol from cisco ISE that configured conditional policy not applied. Without conditional policy (MFA with Duo) the user will authenticated. Still cannot identify the issue. Screenshot (210).png
Thank you ,

Thanuji Wickramadhara