Create a separate policy for just the service accounts that blocks access except from trusted IPs.
The service accounts should be excluded from the MFA CA policy.
How to require multifactor authentication for some accounts in the presence of conditional access with trusted IPs

Mohamed Ali ABIDI 201 Reputation points
Hi,
We have a few service addresses that should not be configured with multi-factor authentication.
For this, we have installed conditional access based on trusted public IP addresses to allow internal connections to service addresses without multi-factor authentication and block connections from the outside.
While testing the policy, we found that all accounts (including service addresses) are connecting, inside the company, without multi-factor authentication.
Is there a way to fix this situation?
We want the following state:
- Service accounts should work without MFA internally and block connections from the outside.
- All other accounts must work with MFA internally and externally.
Thanks.
Accepted answer
Andy David - MVP 152.3K Reputation points MVP
2022-06-21T13:41:32.617+00:00
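The two-policy layout from the accepted answer, as an added example that is not part of the original thread: the policy bodies follow the Microsoft Graph `conditionalAccessPolicy` shape, and a simplified evaluator checks the four sign-in cases the question lists. The group ID placeholder, the display names and the evaluator itself are assumptions made for illustration.

```python
# Added example: simplified model of Conditional Access evaluation.
# Not Microsoft's engine; it only models user scope, trusted location, and "block wins".
SVC_GROUP = "<service-accounts-group-id>"  # placeholder for the service-account group

# Policy 1: service accounts only, blocked everywhere except trusted named locations.
BLOCK_SVC_OUTSIDE = {
    "displayName": "Block service accounts outside trusted IPs",  # hypothetical name
    # Report-only first; switch to "enabled" after reviewing sign-in logs.
    # The model below ignores state and treats the policy as enforced.
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "clientAppTypes": ["all"],
        "applications": {"includeApplications": ["All"]},
        "users": {"includeGroups": [SVC_GROUP]},
        "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

# Policy 2: MFA for everyone from any location, service accounts excluded.
REQUIRE_MFA = {
    "displayName": "Require MFA for all users except service accounts",  # hypothetical name
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "clientAppTypes": ["all"],
        "applications": {"includeApplications": ["All"]},
        "users": {"includeUsers": ["All"], "excludeGroups": [SVC_GROUP]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}

def applies(policy, groups, trusted):
    """True when the sign-in (user's groups, trusted-IP flag) is in the policy's scope."""
    users = policy["conditions"]["users"]
    if set(groups) & set(users.get("excludeGroups", [])):
        return False  # exclusions override inclusions
    in_scope = ("All" in users.get("includeUsers", [])
                or bool(set(groups) & set(users.get("includeGroups", []))))
    loc = policy["conditions"].get("locations")  # no location condition = any location
    loc_match = loc is None or not (trusted and "AllTrusted" in loc.get("excludeLocations", []))
    return in_scope and loc_match

def evaluate(policies, groups, trusted):
    """Combine every applicable policy; a block control wins over any grant."""
    controls = {c for p in policies if applies(p, groups, trusted)
                for c in p["grantControls"]["builtInControls"]}
    return "block" if "block" in controls else "mfa" if "mfa" in controls else "allow"

POLICIES = [BLOCK_SVC_OUTSIDE, REQUIRE_MFA]
```

Because the MFA policy carries no location condition, regular users are prompted inside and outside the company, while the service-account exclusion keeps those accounts governed only by the block policy.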