#AzureAD Conditional Access: Per app MFA and Network Location based policies are now available

August 8, 2016 Chris Spanougakis

This is a really cool feature in case you use Multifactor Authentication on Azure AD (and you should use it, trust me Γελαστούλης). In the past, MFA was available for all the apps and services that are based on Azure AD, like Office365, CRM Online, etc. and it was more or less mandatory, regardless of the application and the location you were connecting from.

Well, I’m really excited because now we have the ability to specify MFA to be used on specific apps and network locations: when you connect from your company computer you can skip it entirely, because this computer is trusted and protected. But when toy connect from a public computer, you should use it because you probably want the extra protection that MFA has to offer.

So this is how it’s configured.

1. Log on to the Azure management portal.

2. Select your directory and then select the Applications tab.


3. In this example I’ll configure MFA only for the CRM Online app, so I have to select the app and click Configure.

4. Here we are: we have the option to configure how MFA will work by enable access rules and specify the required settings. Cool, don’t you think?


Thanks for your time!