We have a few service addresses that should not be configured with multi-factor authentication.
For this, we have installed conditional access based on trusted public IP addresses to allow internal connections to service addresses without multi-factor authentication and block connections from the outside.
While testing the policy, we found that all accounts (including service addresses) are connecting, inside the company, without multi-factor authentication.
Is there a way to fix this situation?
We want the following state:
- Service accounts should work without MFA internally and block connections from the outside.
- All other accounts must work with MFA internally and externally.
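
The desired state listed above, modelled as an added example that is not part of the original post: two policies shaped like Microsoft Graph `conditionalAccessPolicy` objects, checked against a simplified evaluator. The group name `grp-service-accounts`, the policy names and the `OBSERVED` policy (one configuration that would produce the symptom described, not necessarily the poster's) are assumptions.

```python
# Simplified model of Conditional Access evaluation (an assumption of this
# example): every enabled policy whose conditions match applies, and a
# "block" control wins over any grant control.
SVC_GROUP = "grp-service-accounts"  # hypothetical group holding the service accounts
TRUSTED = "AllTrusted"              # Graph keyword: all trusted named locations

def policy(name, include_users, include_groups, exclude_groups, exclude_locs, control):
    # Field names follow the Microsoft Graph conditionalAccessPolicy resource.
    return {
        "displayName": name,
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": include_users, "includeGroups": include_groups,
                      "excludeGroups": exclude_groups},
            "applications": {"includeApplications": ["All"]},
            "locations": {"includeLocations": ["All"], "excludeLocations": exclude_locs},
        },
        "grantControls": {"operator": "OR", "builtInControls": [control]},
    }

# Constructed: one policy shape that reproduces the symptom in the post.
OBSERVED = [policy("MFA outside trusted IPs", ["All"], [], [], [TRUSTED], "mfa")]

# Constructed: two policies that produce the desired state.
DESIRED = [
    policy("MFA for everyone except service accounts", ["All"], [], [SVC_GROUP], [], "mfa"),
    policy("Block service accounts outside trusted IPs", [], [SVC_GROUP], [], [TRUSTED], "block"),
]

def applies(p, groups, from_trusted_ip):
    users, locs = p["conditions"]["users"], p["conditions"]["locations"]
    included = "All" in users["includeUsers"] or bool(set(users["includeGroups"]) & groups)
    excluded = bool(set(users["excludeGroups"]) & groups)
    location_excluded = from_trusted_ip and TRUSTED in locs["excludeLocations"]
    return p["state"] == "enabled" and included and not excluded and not location_excluded

def evaluate(policies, groups, from_trusted_ip):
    controls = {c for p in policies if applies(p, groups, from_trusted_ip)
                for c in p["grantControls"]["builtInControls"]}
    return "block" if "block" in controls else "mfa" if "mfa" in controls else "allow"

def matrix(policies):
    # Sign-in outcome per (account type, network) combination.
    return {(kind, net): evaluate(policies, groups, net == "internal")
            for kind, groups in (("service", {SVC_GROUP}), ("user", set()))
            for net in ("internal", "external")}

if __name__ == "__main__":
    for label, pols in (("observed", OBSERVED), ("desired", DESIRED)):
        print(label, matrix(pols))
```

The trusted-location exclusion sits only on the block policy scoped to the service accounts, so it never relaxes MFA for anyone else.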