Exclude SharePoint Online from Azure Multi-factor authentication

Copper Contributor

Hi All,


I have setup a conditional access policy to enable MFA for Microsoft Dynamics 365 but Exclude SharePoint Online but the policy does not work as im prompted to enter the PIN for SharePoint Online.


Below are the steps i have performed and not sure what I have missed.


Office 365 - enabled MFA for user account











5 Replies

Hi @jsb81,


have you tried the "What If" tool of Azure to check which CA policies apply to your login situation? Make sure there's no other CA policy forcing MFA.

@Tim Wolf  Yeah the correct policy applies as shown below.



@jsb81 Please choose Sharepoint Online and in a second screenshot your Dynamics app when using the What If tool. Currently you chose "Any cloud app".

@Tim Wolf 

 No policy appears when i select SharePoint Online. 


So by default should MFA be enabled on the user account or the conditional access Policy will enforce MFA based rules setup on the policy?



@jsb81 Ah. So you setup MFA on the user account as well as forcing it via CA policy? Then this is why you are prompted in SPO (haven't tested it, but makes sense to me). If you remove MFA from the user account, CA policy will force MFA only on the conditions you chose.