Forum Discussion
Conditional Access enforces MFA but Service Account still asks to secure account
What’s happening here is that even though your Conditional Access policies exclude service accounts from MFA, another policy is likely prompting them to register security information. This “secure your account” message doesn’t come from the MFA enforcement itself but from the security info registration requirement that’s part of Identity Protection or SSPR (Self-Service Password Reset). To fix it, check in Entra ID under Security → Identity Protection → MFA registration policy and make sure your service account group is excluded there as well. Also review your SSPR settings and confirm that these accounts aren’t required to register password recovery methods. Finally, double-check that per-user MFA is completely disabled and use the Conditional Access “What If” tool to see which policy is causing the prompt. If possible, consider converting those service accounts to app registrations or managed identities, since those don’t require MFA or interactive sign-ins at all.
------------------------------------
Don't forget to mark as solution if my answer suits you
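An offline take on the "What If" check mentioned in the answer, added here as an example and not part of the original post: it lists which exported Conditional Access policies still have a service account in scope, and whether each one triggers on sign-in or on the "register security information" user action. The policy JSON follows the Microsoft Graph conditionalAccessPolicy shape, but the policies, the `svc-backup` account and the `grp-svc` group are constructed; the Identity Protection MFA registration policy and SSPR settings are configured separately and are not covered by this check.

```python
import json

# Constructed sample: two policies in the Microsoft Graph conditionalAccessPolicy
# JSON shape. Names and ids are made up for this example.
POLICIES = json.loads("""
[
  {"displayName": "Require MFA - all users", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [],
                            "includeGroups": [], "excludeGroups": ["grp-svc"]},
                  "applications": {"includeApplications": ["All"], "includeUserActions": []}},
   "grantControls": {"builtInControls": ["mfa"]}},
  {"displayName": "Secure security info registration", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [],
                            "includeGroups": [], "excludeGroups": []},
                  "applications": {"includeApplications": [],
                                   "includeUserActions": ["urn:user:registersecurityinfo"]}},
   "grantControls": {"builtInControls": ["mfa"]}}
]
""")

def in_scope(policy, user_id, group_ids):
    """True if the policy is enabled and its user conditions cover this account.
    Simplification: role and guest conditions are ignored."""
    if policy.get("state") != "enabled":
        return False
    u = policy["conditions"]["users"]
    groups = set(group_ids)
    if user_id in u.get("excludeUsers", []) or groups & set(u.get("excludeGroups", [])):
        return False  # exclusions win over inclusions
    inc = u.get("includeUsers", [])
    return "All" in inc or user_id in inc or bool(groups & set(u.get("includeGroups", [])))

def policies_hitting(policies, user_id, group_ids):
    """Return (policy name, trigger) for every policy that still applies."""
    hits = []
    for p in policies:
        if in_scope(p, user_id, group_ids):
            actions = p["conditions"]["applications"].get("includeUserActions", [])
            trigger = "register security info" if "urn:user:registersecurityinfo" in actions else "sign-in"
            hits.append((p["displayName"], trigger))
    return hits

if __name__ == "__main__":
    for name, trigger in policies_hitting(POLICIES, "svc-backup", ["grp-svc"]):
        print(f"{name}: applies on {trigger}")
```

In the constructed data the service account group is excluded from the MFA policy but not from the registration policy, so only the latter is reported.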