Conditional Access - Require Trusted Device OR Trusted Location AND MFA

Question

Alex-5595 271

Hello i'm struggling about to create a Conditional Access Rule what should be

Require Trusted Device OR Trusted Location AND MFA

Maybe I just don't see how it works, can somebody help me?

Answer accepted by question author

0 additional answers

Answer 1

Vipul Sparsh 16,331 Microsoft Employee Moderator

@Alex-5595 You can test the following policy to verify if it meets your requirement.
It would be easier if you have 2 different policy for this.

1) Require Trusted Locations - Condition

Followed by MFA under grant

2) Require Trusted Devices (If you mean compliant and Hybrid AD Joined)

Under Grant

Please do test them and let us know if it helped.

Alex-5595 271 Reputation points

2021-03-16T12:43:51.773+00:00

Hi we tried it now with two CAs but in your second? You exclude the Device states and in Grant you require them or was it a mistake?
Vipul Sparsh 16,331 Reputation points Microsoft Employee Moderator

2021-03-17T04:13:12.963+00:00

@Alex-5595 Yeah, it was a mistake, As you wanted MFA in any Case, It should be set to Any device State.