I need your help. We’re currently engaged with Microsoft on a project to enable MFA within our Azure Environment. To successfully do this we are excluding service accounts used by our applications to avoid service impact. We currently use a certain service account for our enterprise app\app registration. However to complete the policy we are also used named location. We have seen addresses so far. I would like to know if that certain service account can provide the wider subnet that they use so we can make necessary exclusions? and how?