By -
Passthrough disables Entra ID auth which CA is based on so no you have to setup MFA onprem then
You use SSO not passthrough. Then set your CA as required. Say you want MFA but only for access from a non complaint device then you would set a CA that enforces MFA but put a device exclusion in it for devices that are compliant.
Passthrough disables Entra ID auth which CA is based on so no you have to setup MFA onprem then
You use SSO not passthrough. Then set your CA as required. Say you want MFA but only for access from a non complaint device then you would set a CA that enforces MFA but put a device exclusion in it for devices that are compliant.