Forum Discussion

Galaxy876's avatar
Galaxy876
Copper Contributor
Jul 08, 2024
Solved

Removing MFA for a group of users

Hi,   I'm fairly new to Entra ID and need some assistance with setting up a new CA policy for our users. Currently, we have a CA policy that enforces MFA for all users. There's a new requirement wh...
Azure Active Directory (AAD)
Conditional Access
  • MatejKlemencic's avatar
    MatejKlemencic
    Jul 08, 2024

    Hi Galaxy876

    You can create an additional Conditional Access policy that requires MFA but exempts Trusted Locations. Assign this policy specifically to the employee group, and make sure to exclude this group from your primary policy, which mandates MFA from any location. This setup ensures that users in the group won't need to perform MFA when working on-site but will still need to do so from other locations. Users not in the group will be governed by the primary policy requiring MFA from any location. Hope this helps. 

MatejKlemencic's avatar
MatejKlemencic
Brass Contributor
Jul 08, 2024

Hi Galaxy876

You can create an additional Conditional Access policy that requires MFA but exempts Trusted Locations. Assign this policy specifically to the employee group, and make sure to exclude this group from your primary policy, which mandates MFA from any location. This setup ensures that users in the group won't need to perform MFA when working on-site but will still need to do so from other locations. Users not in the group will be governed by the primary policy requiring MFA from any location. Hope this helps. 

Galaxy876's avatar
Galaxy876
Copper Contributor
Jul 09, 2024
Wow, I didn't think of it that way. It worked. Thank you so much for your help !

Resources