I'm attempting to create a conditional access policy that would skip MFA for Hybrid AD joined devices or devices enrolled in Intune. I've followed these 2 articles in regard to the correct settings:

https://www.itpromentor.com/unmanaged-mfa/

https://practical365.com/security/azure-active-directory-conditional-access-enforce-multi-factor-aut...

The policy seems to work for the mobile apps and desktop client apps but it doesn't appear to be working for https://portal.office.com web apps. On the conditional policy, I see no Office 365 portal option to include as a cloud app so I'm prompted for MFA when I launch the Outlook web app. Also, it disables the Office web apps as well. Is there a fix for this?

Alexander Tolkachev
Gary Leung

1 Answer

This feature is currently in preview (as of 10/14/2020): Conditions -> Device State (Preview) -> Exclude -> Device Hybrid Azure AD Joined

It is available in conditional access via the device state (preview) condition. Because it is in preview, your experience may vary. If it is not working for a specific platform, please file a support ticket:
https://aka.ms/azuresupportportal

Elliot Huffman