How to setup new AD user to NOT require 2FA when parent account requires 2FA

sekhemrekhutawysobekhotep 41 Reputation points

I own an azure account which has 2FA enabled and have created a new AD user which needs to be able to login normally without ANY 2FA

I will be using this new user account to login from my golang code however the golang azure SQL driver

fails to handle user logins using active directory which have 2FA enabled

I find it is IMPOSSIBLE to define this new user account to NOT use 2FA

For example when I login to azure portal as this new user the browser prompts for 2FA

See screenshot of the auth settings for this new user as viewed while logged in as my main account


Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,407 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,291 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ash G 340 Reputation points


    This can be achieved through Conditional Access. You can set up exclusions within a conditional access policy, even when using the "Common Conditional Access policy: Require MFA for all users."

    Note that you will be unable to apply conditional access if "Security Defaults" is enabled.

    0 comments No comments