Forum Discussion

rich360ctrl's avatar
rich360ctrl
Copper Contributor
Apr 27, 2023

How to exclude O365 desktop apps from MFA when using Conditional Access?

Hi all.

 

I'm have a little trouble excluding the O365 desktop apps from my Conditional Access policy.

 

I have set up a policy to force MFA when accessing MS admin sites such as Azure, Exchange etc, I want this in place to protect them of course. But since I created the policy (with only myself as a test user) I am now getting the likes of Excel failing to log in, and requiring MFA to complete a log in. The policy is "Include all cloud apps".

 

My Conditional Access policy has exclusions for "Office 365" and "Microsoft Cloud App Security" (the last was a stab in the dark). I figured that would allow the apps to bypass this policy, but I'm still having to pass MFA to allow Excel to sign in.

 

I'm not worried if MFA remains on OWA or any other web based access as they aren't used much and I'm happy for them to be MFA'd anyway.

 

Can anyone tell me if there is a way to exclude the desktop apps from MFA but still retain cloud protection?

 

Thanks,

 

Rich.

Resources