Forum Discussion

Ask_Ak's avatar
Ask_Ak
Copper Contributor
Jun 13, 2022
Solved

Exclude MFA for Non Users

Hello, what would be the best way to roll out MFA via a conditional access for users and exclude non user identities as teams rooms, conference rooms, shared devices out of it. I am looking for a way...
Azure Active Directory (AAD)
Conditional Access
MFA
  • mikhailf's avatar
    mikhailf
    Jun 13, 2022

    Ask_Ak 

     

    1. You can create a Conditional Access policy based on "All guest and external users", "Directory roles" and "Users and groups". I don't think that you can filter out service accounts (non user identities). But

     

    2. You can create a Dynamic User group. And add users to the group based on their names.

    For example, you create a new Conference room account. Give it a name like "Conference-A102". So the rule should be like this: If the "username" contains "Conference" move it to the "Conference Room" group. Same with other types of non user identities.

B4Art's avatar
B4Art
Brass Contributor
Jan 29, 2024

Ask_Ak 
Maybe bit off topic, we had the experience of room-accounts becoming disabled via an automatic process in the background in Azure AD. This was because after creating the Room account the password did not match the password policy when they were created.

Maybe this remark will help someone else.

Resources