question

Septovan-0676 avatar image
0 Votes"
Septovan-0676 asked MichaelMiller-4199 commented

How to exclude Emergency access accounts from Security defaults

Hi,

I want to ask about how can I exclude the emergency access accounts from require MFA?
I enabled the Security defaults, so that's why all users including the emergency access accounts require MFA.

I use Azure AD Free, so I can't create new policy in Conditional Access.

Thank you.

azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered

Hi @Septovan-0676 · Thank you for reaching out.

As of now, Security Defaults can either be enabled or disabled. When enabled, Security Default requires all users to register for Azure AD Multi-Factor Authentication. You cannot configure Security Defaults to select specific set of users to require MFA or exclude a set of users from security defaults.

Since Security Defaults is available as a free feature with Azure AD Free edition, it does not include any configuration options. Unfortunately, as of now, to configure exclusions, you will need to Conditional Access which requires Azure AD Premium P1/P2.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ElanShudnow-6347 avatar image
0 Votes"
ElanShudnow-6347 answered MichaelMiller-4199 commented

Ironic that the Security Defaults Page recommends you use Emergency Accounts. But the recommended configurations for Emergency Accounts prohibit you from using Security defaults due to the lack of exclusions.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Not ironic, just Microsoft. They know what they are doing. They want you spending more money. They should allow 1-2 accounts to be excluded for this. I am sure there is some user voice that we can all vote on that will be there for many years before anything (if at all) is done.

0 Votes 0 ·