How to require multifactor authentication for some accounts in the presence of conditional access with trusted IPs

Mohamed Ali ABIDI 201 Reputation points
2022-06-21T13:37:09.98+00:00

Hi,

We have a few service addresses that should not be configured with multi-factor authentication.
For this, we have installed conditional access based on trusted public IP addresses to allow internal connections to service addresses without multi-factor authentication and block connections from the outside.
While testing the policy, we found that all accounts (including service addresses) are connecting, inside the company, without multi-factor authentication.

Is there a way to fix this situation?

We want the following state:

  • Service accounts should work without MFA internally and block connections from the outside.
  • All other accounts must work with MFA internally and externally.

Thanks.

Microsoft Entra ID

Accepted answer
  1. Andy David - MVP 140.8K Reputation points MVP
    2022-06-21T13:41:32.617+00:00

    Create a separate policy for just the service accounts that blocks access except from trusted IPs.
    The service accounts should be excluded from the MFA CA policy.
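The two-policy layout from the accepted answer, written as Microsoft Graph `conditionalAccessPolicy` request bodies together with a simplified evaluator that checks the sign-in matrix the question asks for. This is an added example, not part of the thread; the use of a group for the service accounts, its placeholder ID, the display names and the evaluator itself are assumptions.

```python
import json

SVC_GROUP = "<service-accounts-group-object-id>"  # placeholder, not from the thread

# Policy 1: block the service accounts everywhere except trusted named locations.
BLOCK_SVC_OUTSIDE = {
    "displayName": "Block service accounts outside trusted IPs",  # constructed name
    "state": "enabledForReportingButNotEnforced",  # report-only until reviewed
    "conditions": {
        "users": {"includeGroups": [SVC_GROUP]},
        "applications": {"includeApplications": ["All"]},
        "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

# Policy 2: MFA for everyone else, with no trusted-location exclusion.
MFA_ALL_USERS = {
    "displayName": "Require MFA except service accounts",  # constructed name
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeGroups": [SVC_GROUP]},
        "applications": {"includeApplications": ["All"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}

def applies(policy, groups, trusted):
    """Simplified scope check (ignores 'state'): exclusions win, then location."""
    users = policy["conditions"]["users"]
    if set(users.get("excludeGroups", [])) & groups:
        return False
    in_scope = ("All" in users.get("includeUsers", [])
                or bool(set(users.get("includeGroups", [])) & groups))
    loc = policy["conditions"].get("locations")
    if loc and trusted and "AllTrusted" in loc.get("excludeLocations", []):
        return False
    return in_scope

def outcome(groups, trusted, policies=(BLOCK_SVC_OUTSIDE, MFA_ALL_USERS)):
    """Combine every applicable policy; a block control overrides any grant."""
    controls = {c for p in policies if applies(p, set(groups), trusted)
                for c in p["grantControls"]["builtInControls"]}
    if "block" in controls:
        return "block"
    return "mfa" if "mfa" in controls else "allow"

if __name__ == "__main__":
    print(json.dumps([BLOCK_SVC_OUTSIDE, MFA_ALL_USERS], indent=2))
```

Running the file prints both bodies as JSON; `outcome()` models only group and location scoping, so confirm the real behaviour in the sign-in logs while the policies are in report-only mode.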

