How to require multifactor authentication for some accounts in the presence of conditional access with trusted IPs

Mohamed Ali ABIDI 161 Reputation points
2022-06-21T13:37:09.98+00:00

Hi,

We have a few service addresses that should not be configured with multi-factor authentication.
For this, we have installed conditional access based on trusted public IP addresses to allow internal connections to service addresses without multi-factor authentication and block connections from the outside.
While testing the policy, we found that all accounts (including service addresses) are connecting, inside the company, without multi-factor authentication.

Is there a way to fix this situation?

We want the following state:

  • Service accounts should work without MFA internally and block connections from the outside.
  • All other accounts must work with MFA internally and externally.

Thanks.

Azure Active Directory

Accepted answer
  1. Andy David - MVP 109.6K Reputation points Microsoft MVP
    2022-06-21T13:41:32.617+00:00

    Create a separate policy for just the service accounts that blocks access except from trusted IPs.
    The service accounts should be excluded from the MFA CA policy.
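
The two policies described in the accepted answer, written as an added example that is not part of the thread: the bodies follow the Microsoft Graph conditionalAccessPolicy shape, and a simplified evaluator checks the four sign-in cases from the question. The group ID is a constructed placeholder, and the evaluator is an assumption-level model that covers only group and location scoping and treats both policies as if they were enabled.

```python
# Added example: Graph-style conditionalAccessPolicy bodies plus a simplified evaluator.
# SVC_GROUP is a constructed placeholder, not a value from the thread.
SVC_GROUP = "00000000-0000-0000-0000-000000000001"  # group holding the service accounts

BLOCK_SVC_OUTSIDE = {
    "displayName": "Block service accounts outside trusted IPs",
    "state": "enabledForReportingButNotEnforced",  # report-only first, then "enabled"
    "conditions": {
        "clientAppTypes": ["all"],
        "applications": {"includeApplications": ["All"]},
        "users": {"includeGroups": [SVC_GROUP]},
        "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

REQUIRE_MFA = {
    "displayName": "Require MFA for all users except service accounts",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "clientAppTypes": ["all"],
        "applications": {"includeApplications": ["All"]},
        # No location exclusion here, so trusted IPs do not bypass MFA.
        "users": {"includeUsers": ["All"], "excludeGroups": [SVC_GROUP]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}

def applies(policy, groups, trusted):
    """Simplified scoping: exclusions win over inclusions; only groups and location are modelled."""
    users = policy["conditions"]["users"]
    if set(users.get("excludeGroups", [])) & set(groups):
        return False
    in_scope = "All" in users.get("includeUsers", []) or set(users.get("includeGroups", [])) & set(groups)
    locs = policy["conditions"].get("locations")
    if locs and trusted and "AllTrusted" in locs.get("excludeLocations", []):
        return False
    return bool(in_scope)

def evaluate(groups, trusted, policies=(BLOCK_SVC_OUTSIDE, REQUIRE_MFA)):
    """Return 'block', 'mfa' or 'allow' for a sign-in, as if every policy were enabled."""
    controls = {c for p in policies if applies(p, groups, trusted)
                for c in p["grantControls"]["builtInControls"]}
    return "block" if "block" in controls else "mfa" if "mfa" in controls else "allow"
```

Calling `evaluate([SVC_GROUP], trusted=False)` returns `"block"`, while a user outside the group gets `"mfa"` from any location.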

