
00u16zy300NkYOmNx2p1.5701966160046504E12 (Customer) asked a question.
We have Office 365 MFA Sign on policy rules. We would like to set up other MFA rules for users accessing Portal.Azure.com. I see that there is an Azure Portal Login integration that can be used. The question is: if we have both Azure Portal Login and Office 365 apps and MFA rules for both, how do we control which MFA takes precedence or is enforced? The use case is that we want our users who access Portal.Azure.com to have MFA enforced differently than a normal user accessing an Office 365 app. Any info on best practices around this would be appreciated.

Hello,
Since your Office 365 domain is federated with Okta, when the users access the Azure Portal Login application they will be prompted for MFA according to the sign-on policies that you have in place for your Office 365 application. I'm afraid you cannot enforce a different MFA when your users access the Azure Portal.
For more information about the Office 365 Sign-On rules, please review the following KB article: https://help.okta.com/en/prod/Content/Topics/Apps/Office365/References/o365-sign-on-rule-options.htm
You can set up ADFS and make policies on that, using Okta as MFA for ADFS.
Doing this makes ADFS policies using Okta downstream.
More infrastructure, but you then get ADFS flexibility.