How to set up a new AD user to NOT require 2FA when the parent account requires 2FA

sekhemrekhutawysobekhotep 36 Reputation points
2023-03-07T22:27:44.9333333+00:00

I own an Azure account which has 2FA enabled and have created a new AD user which needs to be able to log in normally without ANY 2FA.

I will be using this new user account to log in from my Golang code; however, the Golang Azure SQL driver

https://github.com/microsoft/go-mssqldb

fails to handle user logins using Active Directory which have 2FA enabled.

I find it is IMPOSSIBLE to define this new user account to NOT use 2FA.

For example, when I log in to the Azure portal as this new user, the browser prompts for 2FA.

See the screenshot of the auth settings for this new user as viewed while logged in as my main account.

new_user_auth_methods_screenshot

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.

1 answer

  1. Ash G 340 Reputation points
    2023-03-08T08:48:01.0633333+00:00

    Hi,

    This can be achieved through Conditional Access. You can set up exclusions within a conditional access policy, even when using the "Common Conditional Access policy: Require MFA for all users." https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#user-exclusions

    Note that you will be unable to apply conditional access if "Security Defaults" is enabled. https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-conditional-access?view=o365-worldwide&tabs=secdefaults
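
Every exclusion from an MFA policy is an account that can sign in with a password alone, so the exclusion list is worth auditing. The Go sketch below is an added example, not part of the original answer: it reads a policy in the shape of the Microsoft Graph `conditionalAccessPolicy` resource and returns the principals an enforced MFA policy excludes. The function name `MFAExemptions` is hypothetical, and the sample policy and its object IDs are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// policy is the subset of a Microsoft Graph conditionalAccessPolicy used here.
type policy struct {
	State      string `json:"state"`
	Conditions struct {
		Users struct {
			ExcludeUsers  []string `json:"excludeUsers"`
			ExcludeGroups []string `json:"excludeGroups"`
		} `json:"users"`
	} `json:"conditions"`
	GrantControls struct {
		BuiltInControls []string `json:"builtInControls"`
	} `json:"grantControls"`
}

// samplePolicy is constructed for this example; both object IDs are placeholders.
const samplePolicy = `{
  "displayName": "Require MFA for all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"],
    "excludeUsers": ["00000000-0000-0000-0000-000000000001"],
    "excludeGroups": ["00000000-0000-0000-0000-000000000002"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}
}`

// MFAExemptions returns the user and group IDs an enforced MFA policy excludes,
// or nil when the policy is not enforced or does not require MFA.
func MFAExemptions(raw string) ([]string, error) {
	var p policy
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		return nil, err
	}
	mfa := false
	for _, c := range p.GrantControls.BuiltInControls {
		mfa = mfa || c == "mfa"
	}
	if p.State != "enabled" || !mfa {
		return nil, nil
	}
	u := p.Conditions.Users
	return append(u.ExcludeUsers, u.ExcludeGroups...), nil
}

func main() {
	fmt.Println(MFAExemptions(samplePolicy))
}
```
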