MFA could not be set in Microsoft Azure OAuth2 Flow


Ensar Şamil Beşe

Oct 17, 2022, 9:46:39 AM
to velociraptor-discuss
Hi everyone,

I have implemented SSO Integration with Microsoft Azure OAuth2 Flow as detailed here: https://blog.velocidex.com/velociraptor-sso-authentication-6dd68d46dccf

SSO Integration works pretty well. However, whenever I want to apply a Conditional Access Policy (MFA) as an extra security precaution, none of the users are asked for MFA.

I contacted the responsible team about this issue and their response is:
"When a user signs in to your application, the user is signing in to the generic Microsoft Graph endpoint.
As the endpoint is MS Graph and not your application, only CAPs filtering for MS Graph are getting applied.

This is also called the audience/application/scope/resource/ or instance. While they are (technically) not the same, for this discussion, they are mostly interchangeable, and the name only depends on how you set it up, where you are coming from, and where you are looking."

Any suggestions about how this issue can be solved?

Thanks.
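
The support response quoted above says the sign-in is issued for Microsoft Graph rather than for the application. As an added example that is not part of the original post, this Python check decodes an access token's `aud` claim to show which resource it was issued for; it assumes the access token is a JWT, and the client ID and sample tokens are constructed placeholders.

```python
import base64
import json

# Well-known identifiers for Microsoft Graph as a token audience.
GRAPH_AUDIENCES = {
    "00000003-0000-0000-c000-000000000000",
    "https://graph.microsoft.com",
}
# Constructed placeholder, not a real application (client) ID.
APP_CLIENT_ID = "11111111-2222-3333-4444-555555555555"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sample_token(aud) -> str:
    """Build a constructed, unsigned token so the demo runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"aud": aud, "scp": "User.Read"}).encode())
    return f"{header}.{payload}.constructed-signature"


def token_claims(jwt: str) -> dict:
    """Decode JWT payload claims WITHOUT verifying the signature.
    Diagnostic use only; never base an access decision on this."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def audience_kind(jwt: str, app_client_id: str = APP_CLIENT_ID) -> str:
    """Return 'graph', 'application' or 'other' for the token's aud claim."""
    aud = token_claims(jwt).get("aud")
    values = aud if isinstance(aud, list) else [aud]
    seen = {str(v).rstrip("/").lower() for v in values}
    if seen & GRAPH_AUDIENCES:
        return "graph"
    app = app_client_id.lower()
    if seen & {app, f"api://{app}"}:
        return "application"
    return "other"


if __name__ == "__main__":
    for aud in ("00000003-0000-0000-c000-000000000000", f"api://{APP_CLIENT_ID}"):
        print(aud, "->", audience_kind(sample_token(aud)))
```

A result of `graph` matches the situation the support team describes: policies scoped only to the application would not be evaluated for that sign-in.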
