Difficult MFA Conditional Access Requirement?

Apologies if my terminology is all confused, but I have a particular requirement which I’m struggling to find a way to implement.

Essentially, I’d like all my users to be prompted for MFA when accessing Office 365 from outside of the corporate network. Pretty easy so far; however, I’d also like them to have to /register/ their MFA details when inside the organisation. If they attempt to access Office 365 from outside the organisation before registering their details, I’d like them to be blocked.

Can anybody think of how to achieve this?

The reasoning behind this is that with access to a user account awaiting MFA enrollment and a leaked password, there’s nothing to stop an attacker from registering their own details for MFA without other controls in place.

