How to exclude Emergency access accounts from Security defaults

Septovan 51 Reputation points
2021-07-23T10:12:36.83+00:00

Hi,

I want to ask about how can I exclude the emergency access accounts from require MFA?
I enabled the Security defaults, so that's why all users including the emergency access accounts require MFA.

I use Azure AD Free, so I can't create new policy in Conditional Access.

Thank you.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,338 questions
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2021-07-23T12:37:51.793+00:00

    Hi @Septovan · Thank you for reaching out.

    As of now, Security Defaults can either be enabled or disabled. When enabled, Security Default requires all users to register for Azure AD Multi-Factor Authentication. You cannot configure Security Defaults to select specific set of users to require MFA or exclude a set of users from security defaults.

    Since Security Defaults is available as a free feature with Azure AD Free edition, it does not include any configuration options. Unfortunately, as of now, to configure exclusions, you will need to Conditional Access which requires Azure AD Premium P1/P2.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Elan Shudnow 1 Reputation point Microsoft Employee
    2021-09-03T21:30:55.663+00:00

    Ironic that the Security Defaults Page recommends you use Emergency Accounts. But the recommended configurations for Emergency Accounts prohibit you from using Security defaults due to the lack of exclusions.