Hi @Sage Mirror
Thank you for reaching us!
For your query I understand that you are looking to remove MFA and self-password reset for some accounts that are used as "service accounts and you are unable to exclude group in Self-password reset.
I understand your concern, that you want to exclude only a few accounts from the Self-Service Password Reset (SSPR) feature, but currently, the feature only allows you to include groups, not exclude them.
Appreciate if you could share the feedback on our feedback recovery of access review via https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789which is closely monitored by our product team.
However, as a work around you can consider using Conditional Access policies or custom attributes. you can create a Conditional Access policy that requires SSPR for all users, then create another policy that excludes the specific accounts from SSPR.
Also, you could use custom attributes in Azure AD to flag the accounts you want to exclude, then use dynamic group membership rules to automatically include all accounts without this flag in the SSPR group.
I hope this answer helps! If you have any further questions, please feel free to ask.
Thanks,
Akhilesh.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.