Scenario:

In Conditional Access Policies, under the grant controls section, we select 2 options:

1. Require multifactor authentication

2. Require approved client app

and then For multiple controls, we select “Require one of the selected controls“option.

Now assuming all the conditions defined in previous steps are satisfied, in this case which of the above 2 options would be evaluated? Is there a criteria? I tried checking the documentation, didn’t find the answer there.

Also, does this mean if I am coming from an approved app, I don’t have to do MFA?

Lastly, if this is the main MFA policy, then this configuration is not correct, right?

​Scenario:In Conditional Access Policies, under the grant controls section, we select 2 options:1. Require multifactor authentication2. Require approved client appand then For multiple controls, we select “Require one of the selected controls”option. Now assuming all the conditions defined in previous steps are satisfied, in this case which of the above 2 options would be evaluated? Is there a criteria? I tried checking the documentation, didn’t find the answer there.Also, does this mean if I am coming from an approved app, I don’t have to do MFA?Lastly, if this is the main MFA policy, then this configuration is not correct, right?  Read More

​