Share via

Exclude User Account From Future Conditional Access Policies

Rhys Thomas 26 Reputation points
2022-08-12T00:23:16.603+00:00

Regarding Conditional Access Policies, is there a way to exclude specific admin accounts from them without having to edit individual ones, and without having to ensure that all future Conditional Access Policies specifically exclude the users?

Context: I'm looking at creating Break Glass accounts which I don't want affected by any CAP (such as MFA etc)

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

Answer accepted by question author

Dillon Silzer 60,931 Reputation points
2022-08-12T03:49:56.927+00:00

Hi @Rhys Thomas

Unfortunately there is no such feature to exempt an account from all Conditional Access Policies. You would need to exclude the break-glass accounts from every Conditional Access Policy that is set up in your environment.

You could suggest this feature to the Azure AD Microsoft Team:

Azure Active Directory

https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789

----------------------------------

If this is helpful please accept answer.

Was this answer helpful?

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.