Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,563 questions
Conditional Access fails for users who use MS edge but works for users who uses Chrome
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 51%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECL%3C/text%3E%3C/svg%3E)
Chau Le
96
Reputation points
We have a conditional access policy for MFA which we put exemption for Hybrid join devices or device marked as compliant...
Basically if the users use their work machine that is hybrid join, the should not be prompted for MFA for this one application.
Issue is when the user uses MS Edge to connect to the app, they get prompted for MFA and the sign in logs shows a non compliant device
when the users uses Chrome for the same application they DO NOT get prompted (as expected per the CA policy).
How can we start to troubleshoot this?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 34,046 Reputation points Microsoft Employee2022-03-28T23:59:44.38+00:00 Hi @Chau Le ,
I reached out to the product group to ask if there is any recent change that could cause this behavior. In the meantime, could you please share a screenshot of your Conditional Access policy configuration?
Could you also confirm whether this is happening to all users consistently or just some?
Thanks,
Marilee
Sign in to comment