
2FA Conditional Access

Handian Sudianto 7,241 Reputation points
2024-08-12T01:54:46.74+00:00

Hello,

I have a plan to enable 2FA gradually, starting with 10 users first.

We also have a policy to disable 2FA for all users if they are connected to the corporate network.

So can we configure 2FA to be enabled for these 10 users, but have MFA activated only when they are not using the corporate network?


1 answer

  1. Abiola Akinbade 30,490 Reputation points Volunteer Moderator
    2024-08-12T07:13:54.2466667+00:00

    Hello Handian Sudianto,

    Thanks for your question.

    Yes, it can. To do this, I would recommend using named locations.

    To do this, see: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-assignment-network#how-are-these-locations-defined

    Under your conditions, you just need to specify the following: under "Conditions", set Exclude to "All trusted locations". MFA will then only be prompted when users are outside the trusted network. This policy can be created using this guide: https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-location

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

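The policy described in the answer above, written with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original question or answer. The group object ID, the display names and the 203.0.113.0/24 range are placeholders; the pilot users are assumed to be in one security group.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module and an
# account that can consent to the scopes below.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder: object ID of the security group holding the 10 pilot users.
$pilotGroupId = '<pilot-group-object-id>'

# 1. Named location for the corporate network, marked as trusted.
#    203.0.113.0/24 is a documentation range; use your public egress range(s).
$location = @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Corporate network (example)'
    isTrusted     = $true
    ipRanges      = @(
        @{
            '@odata.type' = '#microsoft.graph.iPv4CidrRange'
            cidrAddress   = '203.0.113.0/24'
        }
    )
}
New-MgIdentityConditionalAccessNamedLocation -BodyParameter $location | Out-Null

# 2. Policy: pilot group only, any location except trusted ones, require MFA.
$policy = @{
    displayName   = 'Pilot: require MFA outside trusted locations (example)'
    state         = 'enabledForReportingButNotEnforced'   # report-only first
    conditions    = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('All') }
        users          = @{ includeGroups = @($pilotGroupId) }
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Show what was stored so the scope and location condition can be checked.
$created | Select-Object Id, DisplayName, State
$created.Conditions.Locations | Format-List IncludeLocations, ExcludeLocations
```

The policy is created in report-only state so the sign-in logs show which pilot sign-ins would have been prompted; change `state` to `enabled` once the results match the intended scope.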
