![]() ![]() Besides the flexibility in the assignment, there is no flexibility in the access control. That includes the user risk level, the sign-in risk of the user, the device platform of the device that the user is signing in from and the location that the user is signing in from. Basically every condition that is not dependent on a device registration, can be used as a condition in the assignment. That flexibility can be used to exclude specific users from the assignment (not advised) and can also be used to add additional conditions to the assignment. By bringing that user action to CA, the flexibility of a CA policy can be used to create a fine-grained policy that fits the needs and requirements of any organization when requiring MFA for registering or joining devices to Azure AD. The Register or join devices user action can be used to address those challenges. That could cause some challenges with specific scenarios, which – in the worst case – would require that setting to be turned off for all devices. That setting, however, is a tenant-wide setting and allows no flexibility. Azure AD already contains a setting that can be used to required MFA when registering or joining devices to Azure AD. It’s important to start with mentioning that it’s not new that it’s now possible to require MFA when registering or joining devices to Azure AD. Introduction to the user action for registering or joining devices Important: The Register or join devices user action is also the new recommended method for enforcing MFA when registering or joining a device Azure AD. This post will end with a look at sign-in logs. This post will start with a short introduction about that new user action, followed with the steps to configure that user action. ![]() That new feature is the Register or join devices user action. Starting with March 2021, Azure AD contains a new feature in Conditional Access (CA) that provides more flexibility for requiring MFA when registering or joining devices to Azure AD. More specifically, about requiring multi-factor authentication (MFA) when registering or joining devices to Azure AD. This week is all about registering and joining devices to Azure Active Directory (Azure AD).
0 Comments
Leave a Reply. |