Managing MFA for Shared User Accounts

Robert Cameron 0 Reputation points
2023-12-19T20:38:38.55+00:00

An organization has recently moved from a hybrid environment to a full Azure/Intune environment, with the exception of one server to run authentication through AD on a DC, so it's still technically hybrid. Among many new things to figure out is how to provide ways for users to log in when accessing shared accounts without having to rely on another employee's phone number/authenticator app.

As an example, there is a computer lab that all uses one student account, ******@xxxx.com. When trying to log in, the employee is asked to set up authentication. But with a full classroom this would require 30 different people to put in 30 different contact methods and generate 30 different codes all at once. I've put ******@XXXX.com into two different areas to just outright disable MFA, but that still doesn't seem to work.

  1. In the Conditional Access policies on Intune devices, under the "Require multifactor authentication for all users" template, the rest of the company is assigned included, but this account has been put under excluded.
  2. In Entra, under Security > Authentication methods > Authentication policies > Microsoft Authenticator, I've added the user to a group and have excluded the group.

But in both instances, they are still prompted to set up information to "keep it safe".

Safety means nothing without access.

Any ideas?

Microsoft Security Microsoft Entra Microsoft Entra ID

1 answer

  1. Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
    2023-12-19T22:15:24.0466667+00:00
