This July, Azure teams will begin rolling out additional tenant-level security measures to require multi-factor authentication (MFA). Establishing this security baseline at the tenant level puts in p...
Updated May 17, 2024
Version 4.0Blog Post
I opened a ticket with OKTA and they are as in the dark as we are. Microsoft NEEDS to do a better job here. This is what OKTA said in a ticket I opened with them "How Azure determines a Service Account would be a question to follow up with Microsoft Support to ensure that it remains exempt. " I have seen some people post screen shots of new Conditional Access Policies show up that they think will be used for this change but other videos say it will not be a user controllable setting, as in not a policy you can disable like the SSO one targeting Admin accounts from previous changes. Being less then a month away from changes and having major providers like OKTA still in the dark is a really bad look for MS and puts a HUGE burden on us admins. What I do understand is all my federated accounts should be left alone but my one OKTA service account uses onmicrosoft, and that will fall under this control, from the spotty limited info I have found. My concern is MS does not even know what they are doing, so L1 and L2 support will just waste our time with some canned response. On top of this all its happening smack in the middle of summer, now I have to be fully prepared to work during my PTO as MS is just leaving us all blowing in the wind. I really whish I had a better answer, we need whitepapers not 3rd party videos and forum posts.