This guide will allow administrators to create an MFA exemption for a desired user or shared account.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: Identity Security
Domain: Device Protection Management
Modifies: MFA Authentication Exclusions
MFA Authentication Exclusion
- Navigate to Conditional Access Policies – Azure Active Directory, locate and select the Security Essentials: C1 – Default MFA policy.
- A pop up will be displayed containing all the configured settings being enforced by the policy. Locate and select the Users section followed by the Exclude header. Under the Select Excluded Users and Groups option select the hyperlink to generate the list of all current users and groups that can exempt. Do not modify any other settings listed, failure to abide could result in resources not being protected properly or a mass lockout scenario due to misconfiguration.
- From the list you will be able to select the desired User or Group specified by management. Use the provided text field to search for the user account or group name, select the name in the generated list below, once selected they will be displayed in the Selected section. Finalize the user or group selection by hitting Select.
- Once the necessary exemptions have been made and the user or group is generating in the list of Selected Excluded Users and Groups, select Save to finalize the MFA Challenge exemption process.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.