Hello @Sonal Singh,
Thank you for posting your query on Microsoft Q&A.
Based on your description, it seems you're referring to the announcement about MFA enforcement, specifically the mandatory multifactor authentication for Azure and other administration portals. You wanted to know whether user-based Azure service accounts are sufficient for running automation scripts for AD and Azure resources under the new MFA enforcement, or if additional actions are required.
To clarify, this MFA enforcement applies only to users signing into the Azure portal , Azure CLI , Azure PowerShell and IaC tools, such as Azure Developer CLI , Bicep , Terraform and Ansible to perform any CRUD (Create, Read, Update, Delete) operation will require MFA when the enforcement begins. End users who are accessing apps, websites or services hosted on Azure, but not signing into the Azure portal, CLI or PowerShell, are not subject to this requirement from Microsoft. Authentication requirements for end users will still be controlled by the app, website or service owners.
For more details, refer to the official documentation: Mandatory Multifactor Authentication in Azure
If your user-based service account is not used to connect to any of the mentioned applications, then the mandatory MFA enforcement will not impact its functionality.
Note: This mandatory MFA enforcement does not create a Conditional Access (CA) policy in the Azure portal. Mandatory MFA, managed by Microsoft, operates at the application level from the backend, which is different from Microsoft-managed CA policies.
To summarize: If your user-based service account does not directly authenticate with the listed applications, the mandatory MFA enforcement will have no effect.
To confirm this, you can perform a small test:
- Create a test Conditional Access policy including the service accounts in question.
- Target the "Microsoft Admin Portals" under resources.
- Require MFA as part of the policy.
After implementing the policy, observe the behavior:
- If the functionality breaks, it indicates that the mandatory MFA enforcement could have an impact.
- If the functionality remains unaffected, you can be assured that the mandatory MFA enforcement will not interfere.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Thanks,
Raja Pothuraju.