This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 18%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Hi We are trying to apply Conditional Access in place for O365. Where we want to enfore MFA when users trying to access M365 externally. However we federate M365 with PingFederate (3rd party) and PingID MFA. Is it possible to achieve this, if an user is trying to access M365 from non office network, they will get PingID MFA. If they are on Office network, they will be single signed on. Can this be achieved with Office 365 Azure (Conditional Access) portal?
@GoodResource Thanks for posting in our Q&A.
For this issue, it is more likely to Azure AD. So I will remove the intune tag. Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 50%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Your requirement falls more in line with AAD custom controls, see if this helps.
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/controls
You are correct. But am wondering