Forum Discussion

Ask_Ak's avatar
Ask_Ak
Copper Contributor
Jun 13, 2022

Exclude MFA for Non Users

Hello, what would be the best way to roll out MFA via a conditional access for users and exclude non user identities as teams rooms, conference rooms, shared devices out of it. I am looking for a way...
Azure Active Directory (AAD)
Conditional Access
MFA
  • mikhailf's avatar
    mikhailf
    Jun 13, 2022

    Ask_Ak 

     

    1. You can create a Conditional Access policy based on "All guest and external users", "Directory roles" and "Users and groups". I don't think that you can filter out service accounts (non user identities). But

     

    2. You can create a Dynamic User group. And add users to the group based on their names.

    For example, you create a new Conference room account. Give it a name like "Conference-A102". So the rule should be like this: If the "username" contains "Conference" move it to the "Conference Room" group. Same with other types of non user identities.

Ask_Ak's avatar
Ask_Ak
Copper Contributor
This could be one way but it requires maintenance as every time a new non-user identity is created it would have to be added to the group. I was wondering if there is a way to avoid that maintenance. Like use the same group but only assign MFA to user identities.
mikhailf's avatar
mikhailf
Steel Contributor
Jun 13, 2022

Ask_Ak 

 

1. You can create a Conditional Access policy based on "All guest and external users", "Directory roles" and "Users and groups". I don't think that you can filter out service accounts (non user identities). But

 

2. You can create a Dynamic User group. And add users to the group based on their names.

For example, you create a new Conference room account. Give it a name like "Conference-A102". So the rule should be like this: If the "username" contains "Conference" move it to the "Conference Room" group. Same with other types of non user identities.

Resources