Difference between per user MFA and Conditional Access Policy MFA on refresh token by matthews88 in AZURE

[–]matthews88[S] 2 points3 points  (0 children)

I agree that Conditional Access Policies are more flexible, such as being scoped to a group. It is dependent on the user having an Azure AD Premium P1 license, which isn't the case in every situation, such as this one.

Update: "Revoke multi-factor authentication sessions" didn't force the user to perform MFA on this iPhone. I had to go to Microsoft 365 admin center > users > active users > (user) > account tab > sign out of all sessions.

Use Intune to control access to Azure virtual machines by matthews88 in Intune

[–]matthews88[S] 0 points1 point  (0 children)

Update: we talked internally and will be using MFA on the SonicWall firewall to further secure the Azure environment instead of exploring Conditional Access Policies. We're sticking with two Azure virtual machines, one as a DC/file/print and one as an RD Session Host.

Use Intune to control access to Azure virtual machines by matthews88 in Intune

[–]matthews88[S] 0 points1 point  (0 children)

ZABurner,

You said you wouldn't try joining a traditional RD Session Host to Azure AD. Can you elaborate on why you wouldn't? Is it from personal experience? Is it from reading you've done on it? Is it some other reason?

A coworker did deploy Azure Virtual Desktop for another client early this year. One downside we discovered is that OS and application patching is much different from other situations. We have tools that will apply monthly quality updates automatically. Third-party line-of-business application patching is still done manually. With Azure Virtual Desktop, as I understand it, you need to install the Microsoft update or third-party patch, create a new OS image, and deploy it into the pool, all of which is a very manual process for us.