How to set up a new AD user to NOT require 2FA when the parent account requires 2FA

sekhemrekhutawysobekhotep 41 Reputation points
2023-03-07T22:27:44.9333333+00:00

I own an Azure account which has 2FA enabled and have created a new AD user which needs to be able to log in normally without ANY 2FA.

I will be using this new user account to log in from my golang code; however, the golang Azure SQL driver

https://github.com/microsoft/go-mssqldb

fails to handle user logins using Active Directory which have 2FA enabled.

I find it is IMPOSSIBLE to define this new user account to NOT use 2FA.

For example, when I log in to the Azure portal as this new user, the browser prompts for 2FA.

See the screenshot of the auth settings for this new user as viewed while logged in as my main account.

new_user_auth_methods_screenshot


1 answer

  1. Ash G 340 Reputation points
    2023-03-08T08:48:01.0633333+00:00

    Hi,

    This can be achieved through Conditional Access. You can set up exclusions within a conditional access policy, even when using the "Common Conditional Access policy: Require MFA for all users." https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#user-exclusions

    Note that you will be unable to apply conditional access if "Security Defaults" is enabled. https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide&tabs=secdefaults

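An added example, not part of the answer above: every user exclusion on an MFA policy leaves an account that signs in with a password alone, so it is worth checking which accounts a tenant's policies actually exempt. The sketch assumes policies in the JSON shape of Microsoft Graph `conditionalAccessPolicy` objects; the GUIDs, display names and the helper names `mfa_audit` and `_targets` are constructed for illustration. It looks only at user and group targeting and the built-in `mfa` grant control, not at roles, authentication strengths or Security Defaults.

```python
import json

# Constructed sample data: the GUIDs and display names are made up.
SVC_USER = "11111111-1111-1111-1111-111111111111"    # the excluded account
OTHER_USER = "22222222-2222-2222-2222-222222222222"  # an ordinary account
POLICIES = json.loads("""
[
 {"displayName": "Require MFA for all users", "state": "enabled",
  "conditions": {"users": {
      "includeUsers": ["All"],
      "excludeUsers": ["11111111-1111-1111-1111-111111111111"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Require MFA (report-only)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]
""")


def _targets(users, prefix, user_id, group_ids):
    """True if the <prefix>Users / <prefix>Groups lists name this user."""
    named = set(users.get(prefix + "Users") or [])
    groups = set(users.get(prefix + "Groups") or [])
    return "All" in named or user_id in named or bool(groups & set(group_ids))


def mfa_audit(policies, user_id, group_ids=()):
    """Sort enforced MFA policies into those that apply to the user and
    those the user escapes through an exclusion (exclusion beats inclusion)."""
    result = {"enforced": [], "exempt": []}
    for p in policies:
        controls = (p.get("grantControls") or {}).get("builtInControls") or []
        if p.get("state") != "enabled" or "mfa" not in controls:
            continue  # disabled, report-only, or not an MFA policy
        users = (p.get("conditions") or {}).get("users") or {}
        if not _targets(users, "include", user_id, group_ids):
            continue  # policy never targeted this user
        excluded = _targets(users, "exclude", user_id, group_ids)
        result["exempt" if excluded else "enforced"].append(p["displayName"])
    return result


if __name__ == "__main__":
    for uid in (SVC_USER, OTHER_USER):
        print(uid, mfa_audit(POLICIES, uid))
```

An account that shows up under `exempt` and nowhere under `enforced` has no MFA requirement from Conditional Access at all.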