Configuring MFA for applications using Intune
If you want to require your users to use MFA when logging on to an application that uses Azure AD for authentication, you can set up an Intune policy. Intune is Microsoft’s mobile device management (MDM) platform, but it can also be used to manage desktops and applications. For instance, if you have iManage Work configured to use Azure as its single sign-on mechanism, you can set up an Intune policy to force the use of MFA when logging on to iManage.
The Intune policy is relatively easy to configure, and you can apply the MFA requirement to as many applications as you like. First, log in to the Microsoft Endpoint Manager in the Azure Portal. Next, navigate to your Conditional Access policies by clicking on Devices > Conditional Access. Then click “+ New policy” at the top of the blade.
From there, specify the users this policy will apply to: click “Users and groups” and select the user(s) or group(s) you wish to apply the policy to. Next, specify the application(s) the policy will apply to by clicking “Cloud apps or actions”. You can choose a single application or multiple applications. “Conditions” does not need to be modified for an MFA policy. After that, choose whether this policy will grant or block access by clicking “Grant”. On that blade, check “Grant access” and “Require multi-factor authentication”. Since you are specifying only one criterion, it does not matter whether you choose “Require all the selected controls” or “Require one of the selected controls”.
Once the policy is configured and saved, it can take upwards of an hour before it begins to apply to end users, so you have to be patient. In addition, any changes you make to the policy can also take an hour to propagate, so keep that in mind when you are testing.
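
While waiting for propagation, the saved policy can be checked offline. The following is an added example, not part of the original article: it models the policy from the steps above using the field names of Microsoft Graph's conditionalAccessPolicy resource and reports why a policy would not force MFA for an application, including the case where "Require one of the selected controls" starts to matter once a second control is added. The IDs are constructed placeholders, and the check assumes only built-in grant controls and does not evaluate user scope.

```python
# Constructed sample in the shape of Microsoft Graph's conditionalAccessPolicy
# resource. All IDs are placeholders, not values from the article.
APP_ID = "00000000-0000-0000-0000-0000000000aa"    # hypothetical application ID
GROUP_ID = "00000000-0000-0000-0000-0000000000bb"  # hypothetical user group ID


def make_policy(state="enabled", operator="OR", controls=("mfa",), apps=(APP_ID,)):
    """Build the policy the portal steps produce, with knobs for variations."""
    return {
        "displayName": "Require MFA (sample)",
        "state": state,
        "conditions": {
            "users": {"includeGroups": [GROUP_ID]},
            "applications": {"includeApplications": list(apps),
                             "excludeApplications": []},
        },
        # "OR" = "Require one of the selected controls", "AND" = "Require all"
        "grantControls": {"operator": operator, "builtInControls": list(controls)},
    }


def mfa_findings(policy, app_id):
    """Return reasons the policy does NOT force MFA for app_id (empty = enforced)."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append(f"state is {policy.get('state')!r}, not 'enabled'")
    apps = policy.get("conditions", {}).get("applications", {})
    included = apps.get("includeApplications") or []
    if app_id in (apps.get("excludeApplications") or []):
        findings.append("application is explicitly excluded")
    elif app_id not in included and "All" not in included:
        findings.append("application is not in scope")
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:
        findings.append("grant controls do not include 'mfa'")
    elif len(controls) > 1 and grant.get("operator") == "OR":
        # With several controls and OR, any one of them grants access.
        others = [c for c in controls if c != "mfa"]
        findings.append(f"operator OR lets {others} satisfy the policy without MFA")
    return findings


if __name__ == "__main__":
    weak = make_policy(controls=("mfa", "compliantDevice"))
    for name, pol in (("as configured", make_policy()), ("two controls, OR", weak)):
        print(name, "->", mfa_findings(pol, APP_ID) or "MFA enforced")
```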