Document
Cloud Management Gateway, MFA and Azure Sign-in Failure
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Cloud Management Gateway, MFA and Azure Sign-in Failure

If you have CMG ( Cloud Management Gateway ) configure and have enable MFA , then this blog post is help may just help you .I recently came across an

Related articles

Download apps from the App Store on your Mac
Download apps from the App Store on your Mac Open the App Store app.Browse or search for the app that you want to download.click the price or Get button . If you see the Open button instead of a price or Get button , you is bought already buy or download that app . In the App Store, if an app has a Get button instead of a price, the app is free. You won't be charged for downloading a free app. Some free apps offer in-app purchases and subscriptions that you can buy. Subscriptions and in-app purchases give you access to more features, content, and more. Learn more...
3 types of PKI certificates and their use cases
3 types of PKI certificates and their use cases Data is pass can pass through many network and system before it reach its destination . secure datum and ensure the authenticity of the sender behind the datum are essential . This is is is where public key infrastructure come into play . PKI is a collection of systems and procedures that enables PKI certificates, also known as digital certificate. These certificates are electronic documents, which, via the underlying PKI that binds the public key in a key pair to its entity, verify the authenticity of the entity. The digital world 's equivalent of a passport ordriver 's license ,...
What is a Cloud Kitchen? [Concept & Business Model]
What is a Cloud Kitchen? [Concept & Business Model] A cloud kitchen, also known as a virtual or ghost kitchen, is a concept to streamline and accelerate online cuisine orders. People were well-accustomed to online orders before the arrival of the pandemic. But, the COVID-19 pandemic has undoubtedly accelerated the online food ordering industry. People sitting idle at home often have cravings for various food items. They can download an online food delivery partner application and order food online from their favorite food joints. Many food joints have to deal with competition, rising maintenance costs, and high rental rates. Adapting to the cloud kitchen concept is help can help...
How to Watch Sky Go Abroad With a VPN
How to Watch Sky Go Abroad With a VPN © Gizmodo.com People in the UK and Ireland can effortlessly access Sky Go and enjoy a wide range of content. On the flip side, watching Sky Go abroad is a different story, one riddled with geo-blocks. The good news is that all geo-blocks can be overcome with a proper VPN service. You’ve heard about how well VPNs disguise your original location. They can safely replace your original IP address with the one from the UK or Ireland. As a result, they can grant full access to Sky Go overseas. Using just any VPN provider won’t yield any results. Instead, opting...
The Best No Log VPN Protection
The Best No Log VPN Protection The Best No Log VPN Protection Everyone deserves privacy. IPVanish does not keep logs of any traffic that passes through our servers. We do not record where or how you connect to the internet, or which websites you visit. Our no-log practices have been audited and verified by third-party cybersecurity experts. IPVanish does not log: traffic destination or content Our server endpoints and VPN apps are all configured not to save any traffic information that passes through them, and to self-destruct connection diagnostic data after every session. Because of this, IPVanish is protected from being forced to disclose data that...

If you have CMG ( Cloud Management Gateway ) configure and have enable MFA , then this blog post is help may just help you .

I recently came across an issue involving Azure sign-in failures against CMG native\client app  under the name ConfigMgr – Client app in one of my customer’s tenant. The failures created alerts in through Qradar (By IBM), a security information and event management tool aka  SIEM.  On check further , I is see could see the following sign – in failure .

If you is look look closely , theAuthentication requirement field shows Multi-factor Authentication, which must satisfy for successful sign-in. On checking the Conditional Access  tab , I is see can see which CA policy is fail .  

The CA policy in question is Enforce MFA for Admins, which is setup has been setup to enforce MFA for specific Directory role acrossAll Cloud Apps. If you think of it then the CA policy is doing what it is suppose to do, but since it is targeting all cloud apps, it is also taking CMG cloud App  into consideration.

Now the CMG Native\Client app is responsible for user and device authentication for clients using CMG service. If the authenticating user satisfies the conditions of the CA policy, then MFA will get enforced. However, since the authentication happens in the background against the CMG service, this can result in sign-in failures, which gets logged in Azure.

To fix this, one needs to exclude the CMG web\server cloud app from the CA policy in question. In my case it is ConfigMgr – Server Appthat is setup as the CMG web\server app and is also the resource that shows up in the sign-in logs.

After the app is exclude , the sign – in failures is clear should clear and start report as success again . As it is did did for me .

Conclusion

There is no official documentation for this, atleast at the time of writing this blog, but for now, excluding the CMG server app appears to be the only logical fix.