Daily Archives: 29/07/2016

Testing Azure AD per app MFA and conditional access based on network location

Published by:

Dan Patrascu-Baba

Partner Technical Consultant at Microsoft
Azure PaaS and dev consultant, working for Microsoft. Mostly dealing with Microsoft Azure services, ASP.Net Core, AngularJS, Javascript. Helping partners and customers to write good code and to architect their cloud and hybrid solutions.

Azure AD conditional access and per app MFA is globally available starting today, as announced by Alex Simmons. This feature was in preview for some time, but now, that it is globally available, it can be used in production environments. Since this is a new feature, I played a little bit around with it and I would like to share some insights.

Azure AD per app MFA and conditional access allows administrators to set MFA requirements on applications that are registered in Azure AD. This enables interesting scenarios, like for example requiring MFA for Exchange Online, but not for SharePoint Online, if a request comes from outside the corporate network. In order for this to work, you would have to activate MFA first and define the IP ranges that define your corporate network in CIDR format. You should be able to do this by accessing following URL: https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspxContinue reading