Conditional Access policy to apply if device is the user's assigned device

Alex 20 Reputation points
2024-10-16T20:19:49.47+00:00

Not sure if anyone has tried doing something like this before. We are wanting a way to limit when Multifactor Authentication registration can occur for new users. We would like it to be restricted so that they can only access the multifactor registration page if they are accessing it from their assigned computer. I understand this can be done for "compliant devices" but we would like to do it for the specific device assigned to the user attempting to register.

Thanks in advance!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Authenticator
Microsoft Security | Intune | Other
Microsoft Teams | Microsoft Teams for business | Other

Accepted answer
  1. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2024-10-17T10:33:26.49+00:00

    @Alex

    Thank you for posting this in Microsoft Q&A.

    As I understand it, you want to create a Conditional Access policy that restricts access to the MFA registration page to only the device that is assigned to the user.

    This requirement is not possible as of now.

    With Conditional Access, you can create a policy to restrict or allow users' access to particular apps based on device platforms, IP addresses, device status, sign-in risk, etc. But there is no filter as such to define a policy using the device owner.

    However, if you are looking for this requirement, you can submit your feedback in the Azure feedback portal at the link below. This channel is monitored by our PM team directly.

    https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
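
For reference, the compliant-device variant that the question mentions can be expressed through Microsoft Graph PowerShell as below. This is an added example, not part of the original question or answer; the group IDs are placeholders and the policy name is an assumption, and it is created in report-only mode so its effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example: report-only Conditional Access policy that scopes the
# "Register security information" user action to compliant devices.
# Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholders (assumptions): replace with object IDs from your own tenant.
$newUsersGroupId   = '<new-users-group-object-id>'
$breakGlassGroupId = '<emergency-access-group-object-id>'

$policy = @{
    # Display name is an arbitrary, constructed value.
    displayName = 'Security info registration requires compliant device'
    # Report-only: evaluated and logged, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeGroups = @($newUsersGroupId)
            # Keep emergency access accounts out of scope to avoid lockout.
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            # Target the user action rather than a cloud app.
            includeUserActions = @('urn:user:registersecurityinfo')
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Device status check: the device must be marked compliant by Intune.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Any compliant device in the tenant satisfies this control; it does not check that the device is the one assigned to the registering user, which is the part the answer above says has no filter.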


1 additional answer

  1. Clément BETACORNE 2,496 Reputation points
    2024-10-17T08:35:59.4666667+00:00

    Hello,

    As far as I know, I don't think it is possible.

    Regards,
