Conditional access not prompting users for MFA


Problem description


Hi,

Hoping someone has seen this and can point me in the right direction.

We have a couple of conditional access policies set up in AAD, one that blocks users that aren't on a trusted site and another that allows users access from untrusted locations if MFA is applied. Users are assigned one policy or the other, not both. The block policy works fine, but the MFA policy allows the user to connect regardless of location.

The What IF tool shows the users getting the policy correctly based on IP:


Windows10_Allow_Untrusted_MFA

Solution

So when your users are logging in from outside your trusted locations, they are prompted for the MFA. Once the MFA challenge is completed, they would be granted access.

As per the WhatIF results, the MFA requirement is "satisfied" - hence the users have been granted access.

Since you mentioned that you need the users to be MFA challenged when they are logging in from untrusted locations, the conditional access policy in this case is in conflict.
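One way to confirm from the sign-in logs why no prompt appeared even though the policy applied, as an added example that is not part of the original thread. It assumes records exported in the shape of the Microsoft Graph signIn resource; the users, IP addresses and records below are constructed.

```python
# Constructed sample records (not from the thread). Field names follow the
# Microsoft Graph signIn resource; users, IPs and values are made up.
POLICY = "Windows10_Allow_Untrusted_MFA"  # policy name shown in the question

def _signin(upn, ip, result, steps):
    return {"userPrincipalName": upn, "ipAddress": ip,
            "appliedConditionalAccessPolicies": [
                {"displayName": POLICY, "result": result,
                 "enforcedGrantControls": ["Mfa"] if result == "success" else []}],
            "authenticationDetails": [
                {"authenticationMethod": m, "succeeded": True,
                 "authenticationStepResultDetail": d} for m, d in steps]}

SIGNINS = [
    _signin("alice@example.com", "203.0.113.10", "success",
            [("Password", "Correct password"),
             ("Previously satisfied", "MFA requirement satisfied by claim in the token")]),
    _signin("bob@example.com", "203.0.113.11", "success",
            [("Password", "Correct password"),
             ("Mobile app notification", "MFA completed in Azure AD")]),
    _signin("carol@example.com", "198.51.100.5", "notApplied",
            [("Password", "Correct password")]),
]

def classify(signin, policy=POLICY):
    """Say how the named policy's MFA grant control was met for one sign-in."""
    applied = next((p for p in signin.get("appliedConditionalAccessPolicies", [])
                    if p.get("displayName") == policy), None)
    if applied is None or applied.get("result") != "success":
        return "policy-not-enforced"
    controls = [c.lower() for c in applied.get("enforcedGrantControls", [])]
    if "mfa" not in controls:
        return "no-mfa-control"
    steps = [s for s in signin.get("authenticationDetails", []) if s.get("succeeded")]
    # A claim already in the token satisfies the control without a new prompt.
    if any("satisfied by claim" in s.get("authenticationStepResultDetail", "").lower()
           for s in steps):
        return "mfa-from-existing-claim"
    if any(s.get("authenticationMethod") not in ("Password", "Previously satisfied")
           for s in steps):
        return "mfa-prompted"
    return "mfa-source-unknown"

def report(signins):
    return {s["userPrincipalName"]: classify(s) for s in signins}

if __name__ == "__main__":
    for user, verdict in report(SIGNINS).items():
        print(f"{user}: {verdict}")
```

A verdict of `mfa-from-existing-claim` means the policy was enforced and the MFA control counted as satisfied without a fresh challenge, which matches the "satisfied" result described in the answer.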

 

