Use Conditional Access to Secure Service Account with Global Admin Rights

Since I'm having issues trying to get MFA to work on Service Account/s

(New-ExoPSSession : AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0ff1-ce00-000000000000')

I was hoping that I can set up Conditional Access to allow these service accounts without MFA to work only on certain Trusted IP range or specific IP Addresses.

Thank You,

-Larry

1 Reply

You should have no trouble doing this, simply use the relevant conditions/exceptions in your policy.
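
One way to express the conditions and exceptions discussed in this thread, as an added example that is not part of the original posts: a Microsoft Graph PowerShell sketch that defines a trusted named location and blocks the service account's sign-ins from everywhere else. The UPN `svc-exo@contoso.example`, the range `203.0.113.0/24` and the display names are constructed placeholders.

```powershell
# Added example. UPN, CIDR range and display names are constructed placeholders.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'User.Read.All'

# Resolve the service account to its object ID (placeholder UPN).
$svc = Get-MgUser -UserId 'svc-exo@contoso.example'

# Trusted named location holding the egress IPs the automation runs from.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Automation egress (example)'
    isTrusted     = $true
    ipRanges      = @(
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = '203.0.113.0/24' }
    )
}

# Block the service account for all cloud apps from every location
# except the named location above. Created in report-only mode so the
# effect can be checked in the sign-in logs before enforcement.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Block service account outside trusted IPs (example)'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeUsers = @($svc.Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$policy | Select-Object Id, DisplayName, State
```

For the AADSTS50076 prompt to stop, the account also has to be excluded from whichever policy currently requires MFA for it; that policy is not shown on this page, so it is not modified here. Switch `state` to `enabled` only after the report-only results show the expected sign-ins passing and the rest being blocked.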