Add selection of specific MFA Adapter as condition
It would be incredibly helpful if Access Authorization Rules would allow the selection of a specific MFA Adapter or mechanism as a part of a ruleset.
For example, if a user was authenticating from a managed device, use certificate authentication, otherwise prompt for second factor using the Azure MFA adapter, or, if a user belongs to a specific group, always use certificate authentication forst, then attempt for Azure MFA, otherwsie if a user belongs to group "B", always prompt for the Azure MFA Adapter (or any other MFA provider integrated with ADFS)
At the moment it's an all-or-nothing option. If you have mroe than one adapter the user is prompted with all of them and asked to select their mechanism, which isn't very elegant.
Samuel Devasahayam [MSFT] commented
This is fixed in ADFS 2019. See my upcoming session in Ignite next week where I'll briefly talk about it amongst other new features in 2019.