Can you setup Conditional Access to force MFA on a specific website, no matter what? If so how?

Denny Cherry 11 Reputation points MVP
2020-06-19T19:57:44.817+00:00

I'm setting up Conditional Access. We want it setup to prompt for MFA on all websites when you aren't in a trusted location, (we have this setup), and bypass MFA when you are in a trusted location.

We have a specific website that we want to always prompt for MFA no matter the location that you are in. But I can't seem to find the correct set of settings to make this happen. What settings do I need to use (as well as what settings to I need to use for a new app registration) to make this work? This is a 3rd party website that I don't control, but the data on it is very sensitive, so we want to have MFA on it at all times.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,607 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Denny Cherry 11 Reputation points MVP
    2020-06-21T07:41:43.617+00:00

    What needs to be put for the new application as it's a third party site that I don't control?

    1 person found this answer helpful.
    0 comments No comments

  2. T. Kujala 8,706 Reputation points
    2020-06-20T08:57:58.843+00:00

    You can assign Conditional Access and MFA for services and sites listed the Cloud apps and actions area. Check the picture.

    If you have created an app then you can assign the Contional Access rules for it.

    So, you can't directly require MFA for untrusted locations.

    The source for picture.

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa

    select-azure-management-app.png

    0 comments No comments