Hi
I read through a few posts here and online , could not find anything
Am I missing a setting?
It is setup as per below , when I sign in as a user assigned to Security GROUP 1 (User Type: Member, no roles assigned) , Security GROUP 1 is excluded in the conditional access policy
I am still getting prompted to sign up to MFA , you can skip setup
Keep your account secure
Your organization requires you to set up the following methods of proving who you are
Azure P2 Premium security license
Security defaults -- disabled
MFA per user -- Disabled for all
Conditional access policy setup -- set to ON , not report only
- Sign in to the Azure portal as a Global Administrator, Security Administrator, or Conditional Access Administrator.
- Browse to Azure Active Directory > Security > Conditional Access.
- Select New policy.
- Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
- Under Assignments, select Users or workload identities.
Under Include, select Directory roles and choose built-in roles like:
- Global Administrator
- Application administrator
- Authentication Administrator
- Billing administrator
- Cloud application administrator
- Conditional Access Administrator
- Exchange administrator
- Helpdesk administrator
- Password administrator
- Privileged authentication administrator
- Privileged Role Administrator
- Security administrator
- SharePoint administrator
- User administrator
Under Exclude, select Security GROUP 1 and organization's emergency access or break-glass accounts.
- Under Cloud apps or actions > Include, select All cloud apps.
- Under Access controls > Grant, select Grant access, Require multifactor authentication, and select Select.
- Confirm your settings and set Enable policy to ON.
- Select Create to create to enable your policy.
Authentication methods
- Azure Active Directory > Security > Authentication Methods
Policies -- all Methods disabled
Registration campaign -- disabled
