Azure AD Connect sync account MFA support

Sol Birnbaum I currently have the baseline policy enabled, and the "user-level" MFA disabled for the account used by AD Connect and it works.  ADConnect/DirSync still syncs successfully.

The senior support engineer basically said that the "Policy level" one is somehow "application aware" and does not interfere with AD Connect, whereas the User-Level one is not and requires MFA on every type of login.

It looks like they have indeed updated the documentation page they said they would update as part of my escalated support case.  This page:https://docs.microsoft.com/en-us/partner-center/partner-security-requirements-faq?branch=isaiah%2Fsecurity-requirements-update 

Heading: "What are the key actions I need to take to meet the requirements?" has now been updated to explicitly mention the baseline policies.  

They have also added this new section:

Will the service account used by Azure AD Connect be impacted by the partner security requirements?

No, the service account used by Azure AD Connect will not be impacted by the partner security requirements. If you experience an issue with Azure AD Connect as result of enforcing MFA, then open a technical support request with Microsoft support.

Put differently, if you enable the Policy level one, it should have the effect of requiring MFA for a user trying to log into the portal to do admin work like manage your partner account, but it should not prevent logins used for other purposes.  Since they are trying to secure the partner portal, they view the mission as accomplished via the Baseline Policy.