Hello @Mohit Pathak,
Thank you for posting your query on Microsoft Q&A.
To exclude service accounts from getting MFA prompts when they're utilized while establishing an RDP connection, you can add the following registry setting under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa:
Value Name: REQUIRE_USER_MATCH
Value Type: REG_SZ
Value Data: FALSE
Adding this value and setting it to FALSE allows the NPS extension to bypass secondary authentication failures for non-MFA-enrolled users. Setting REQUIRE_USER_MATCH=FALSE skips the enrollment check, which allows non-MFA-enrolled users to authenticate using primary authentication only. This should allow service accounts to bypass MFA prompts when establishing an RDP connection.
Please refer to the article below for more information.
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension#prepare-for-users-that-arent-enrolled-for-mfa
I hope this information is helpful. Please feel free to reach out if you have any further questions.
Thanks,
Raja Pothuraju.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
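The registry change described in the answer above, as an added PowerShell example that is not part of the original answer. It assumes an elevated session on the NPS server where the Azure MFA NPS extension is installed, that the NPS service is the Windows service named IAS, and that restarting NPS is the simplest way to be sure the extension picks up the new value. Two points worth checking before applying it: REQUIRE_USER_MATCH=FALSE relaxes the enrollment check for every user who authenticates through this NPS server and is not enrolled for MFA, not only for service accounts, and when the value is absent the extension behaves as if it were TRUE (unenrolled users are denied). The script therefore records the current state before changing it and reads the value back afterwards.

```powershell
# Added example: configure REQUIRE_USER_MATCH for the Azure MFA NPS extension.
# Assumptions: elevated PowerShell on the NPS server hosting the extension;
# the NPS service is named "IAS".

$KeyPath = 'HKLM:\SOFTWARE\Microsoft\AzureMfa'

function Get-NpsMfaRequireUserMatch {
    # Returns the current REQUIRE_USER_MATCH string, or $null when the key or
    # value is absent (absent is treated by the extension like TRUE).
    $item = Get-ItemProperty -Path $KeyPath -Name 'REQUIRE_USER_MATCH' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.REQUIRE_USER_MATCH
}

function Set-NpsMfaRequireUserMatch {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('TRUE', 'FALSE')]
        [string]$Value,
        [switch]$RestartNps
    )

    if (-not (Test-Path $KeyPath)) {
        # The extension installer normally creates this key; create it if missing.
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # REG_SZ value holding the literal string TRUE or FALSE.
    New-ItemProperty -Path $KeyPath -Name 'REQUIRE_USER_MATCH' `
        -PropertyType String -Value $Value -Force | Out-Null

    if ($RestartNps) {
        # Restart NPS (service name IAS) so the extension reloads its settings.
        Restart-Service -Name IAS
    }

    # Read the value back so the caller can confirm what is actually in place.
    return Get-NpsMfaRequireUserMatch
}

# Usage: record the current state, apply FALSE, and confirm the readback.
$before = Get-NpsMfaRequireUserMatch
Write-Host ("REQUIRE_USER_MATCH before: {0}" -f $(if ($null -eq $before) { '<not set>' } else { $before }))
$after = Set-NpsMfaRequireUserMatch -Value 'FALSE' -RestartNps
Write-Host ("REQUIRE_USER_MATCH after:  {0}" -f $after)
```

To revert, call Set-NpsMfaRequireUserMatch -Value 'TRUE' -RestartNps, which restores the default behaviour of denying users who are not enrolled for MFA.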