How to setup new AD user to NOT require 2FA when parent account requires 2FA

Question

I own an azure account which has 2FA enabled and have created a new AD user which needs to be able to login normally without ANY 2FA

I will be using this new user account to login from my golang code however the golang azure SQL driver

https://github.com/microsoft/go-mssqldb

fails to handle user logins using active directory which have 2FA enabled

I find it is IMPOSSIBLE to define this new user account to NOT use 2FA

For example when I login to azure portal as this new user the browser prompts for 2FA

See screenshot of the auth settings for this new user as viewed while logged in as my main account

Answer 1

Hi,

This can be achieved through Conditional Access. You can set up exclusions within a conditional access policy, even when using the "Common Conditional Access policy: Require MFA for all users." https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#user-exclusions

Note that you will be unable to apply conditional access if "Security Defaults" is enabled. https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide&tabs=secdefaults