I'm trying to see if there is a way for the SA to redirect non corporate users to a sign in page that uses 2FA, and if the device is a corporate device to only use AD i.e. don't need 2FA.
I can see on hostchecker a policy can be enfored on the realm but can't see any settings to redirect them to a sign-in page. Doesn't look like it's possible, but worth an ask .
Solved! Go to Solution.
two realms - one with 2FA (non-corporate), one without (corporate). assign both to the same sign-in URL
Corporate realm has hostchecker require & enforce policies checking for our corporate background.jpg, or a company-specific registry setting
non-corporate realm has a hostchecker policy NOT (corporate check).
assign both realms to the same sign-in URL
you should get what you want.